Html full form( Hypertext Markup Language): Learn complete HTML

HTML introduction

HTML stands for HyperText Markup Language which is a markup language that is used to create a web page and markup language means a language that uses tags to define elements within a document.

With HTML you can create static pages however if you combine CSS, Javascript and HTMl together you will be able to create dynamic and more functional web pages or websites.

HTML Basic Example and HTML Syntax

Now that you have a basic idea of HTML, let’s kick off this tutorial by learning how to declare HTML Syntax. In the below HTML code:

  • <!DOCTYPE html> specific that it is a HTML5 document.
  • <html> is the root of html page.
  • <head> contains page information.
  • <title> is title of the page
  • <body> is documents body
  • <h1> is heading
  • <p> is the paragraph
<!DOCTYPE html>
<html>
<head>
<title> Page title </title>
</head>
<body>
<h1> My first heading</h1>
<p> My fist para </p>
</body>
</html>
<!DOCTYPE html>  # Document Type 
<html lang="en-US">    # Language Attribute to declare the language of the Web page
<head>
# Also <meta> element is used to specify the character set, page description, author and viewport.
<meta name="viewport" content="width=device-width, initial-scale-1.0"  # Setting the viewport which is a users visible area of a web page, initial-scale=1.0 sets the initial zoom level. 
<style>                                                     # Head element is the container of title, style, meta, link, script etc.
body{background-color: red;}                                # Internal CSS and define style information for a single HTML page
h1{ color:red; }                                            # Internal CSS
p {
  border: 2px red;                                          # Border( Border becomes more dark when pixels increased)
  padding: 30px;                                            # Padding ( Space between text and Border)
  margin: 10px;                                             # Margin (Space outside the border)
 }
a: link, a:visted, a:hover, a:active {                      # HTML Links with different with different scenerios
  text-align: center;
  color: blue;
}
.city {                                                     # Decalring the CSS for Class City
 background-color: tomato;
 color: white;
}
<link rel="stylesheet" href="styles.css">                   # External CSS and link is a 
<link rel="icon" type="image/x-icon" href="/images/favicon.ico" # Adding the Favicon in HTML page.
</style>
</head>
<body>
<div class="city">                                          # Creating a class named city 
  <h2> Hello this is my City </h2>
</div>                                                      # Class City ends here
<!--      -->                                               # Comments in HTML 
<p style="background:red" background-image: url('a.jpg') background-repeat>...........</p>                   # Paragraph
<p><a href="#C4">Jump to Chapter 4</a>                      # Creating a Link to create a BookMark using the ID 
<h2 id="C4"> Chapter 4 </h2>                                # Creating a heading with id that will be tagged with a link to create a bookmark. ID's are unique and used only with one HTML element rather than class being used by multiple HTML elements
<a href="google.com"> This is a link</a>                    # Link
<a href="google.com" target="_blank"> This is a link</a>    # Opens the document in a new window or tab
<a href="google.com" target="_parent"> This is a link</a>   # Opens the document in parent frame
<a href="google.com" target="_top"> This is a link</a>      # Opens the document in full body of the window
<a href="google.com" target="_self"> This is a link</a>     # Opens the document in same window
<iframe src="a.html" name="iframe_a" height="10" width="10" title="Title Iframe"></iframe>   # Creating a Iframe ( An inline fram) 
<p><a href="google.com" target="iframe_a">Hello, the link will open when clicked on the link</a></p>   # Using Iframe in the link  
<ol>                                                        # Ordered List
  <li>Coffee</li>                                           # Lists
  <li>Tea</li>
</ol>
<img src="a.jpeg" alt="Image" width="2" height="2">         # Image
<img src="computer_table.jpeg" usermap="#workmap">          # Using Image Map
<map name="workmap">
   <area shape="" coords="34,44,270,350" href="computer.htm">
   <area shape="" coords="31,41,21,35"   href="phone.htm">
<map>
</body>

<script>                                                   # Creating a Javascript inside the Html Page
  function myfunc() {
  document.getElementById("C4").innerHTML = "Have a nice DAY "
  var x = document.getElementsByClassName("city");         # Using the Class city within the Javascript within a HTML Page
  for (var i = 0; i< x.length; i ++ ) {
    x[i].style.display = "none"
  }
}

</script>
</html>


<header> - Defines a header for a document or a section
<nav> - Defines a set of navigation links
<section> - Defines a section in a document
<article> - Defines an independent, self-contained content
<aside> - Defines content aside from the content (like a sidebar)
<footer> - Defines a footer for a document or a section
<details> - Defines additional details that the user can open and close on demand
<summary> - Defines a heading for the <details> element




Everything you should know about Prometheus Grafana dashboard

Are you worried about the performance of your systems and dozens of applications running on them? Stop worrying as you are at the right place to learn about one of the most latest and widely used tools Prometheus and Grafana.

Prometheus is an open-source monitoring system that collects real-time metrics and is used as the data source in Grafana for visualization.

In this tutorial, you will learn everything you should know about the Prometheus Grafana dashboard.

Let’s get started.

Prerequisites

Prometheus installed on your Ubuntu machine

What is Prometheus?

Prometheus is a powerful, open-source monitoring system that collects real-time time-series metrics from services and stores them in memory and local disk in its own custom and efficient format [time-series database]. It is also used for alerting.

For example:

Time-series database contains a set of key-value pairs called labels. It is written in Go Language and executes powerful queries using Flexible query language (PromQL which is read-only). Prometheus provides great visualization using its own built-in expression browser and works well with Grafana dashboards and alert notifications

There are dozens of client libraries such as Java, Python, Scala, Ruby, and multiple integrations available for Prometheus.

In Software or programming language binaries are compiled code that allow a program to be installed without having to compile the source code.

In Software or programming language library is a collection of non-volatile resources used by computer programs, often for software development such as configuration data, documentation, help data, message templates, pre-written code and subroutines, classes, values or type specifications.

  • Syntax of Prometheus metrics is shown below. The below notation of syntax contains metrics name followed by key-value pairs also known as labels.
# Notation of time series
<metric name> {<label name>=<label value>,.....} 
# Example
node_boot_time {instance="localhost:9000",job="node_exporter"}

How does Prometheus Work

Prometheus collects metrics from monitored targets by scraping metrics HTTP Endpoint using the Prometheus configuration file. A single Prometheus server is able to ingest up to one million samples per second.

Using Exporters and Prometheus in Prometheus Configuration file

  • The Prometheus configuration file is stored in YAML format and by default it looks like. The path of Prometheus configuration file is /etc/prometheus/prometheus.yml
# my global config
global:
  scrape_interval: 15s
  evaluation_interval: 15s

# To scrape metrics from prometheus itself add the below block of code.

scrape_configs:
  - job_name: 'prometheus'              # Prometheus will scrape 
    scrape_interval: 5s
    static_configs:
      - targets: ['localhost:9090']

  - job_name: 'node_exporter_metrics'  # we are including Node Expoter
    scrape_interval: 5s
    static_configs:
      - targets: ['localhost:9100']
  • After you configure or update the prometheus configuration file, you can reload it using the below command without having to restart the prometheus.
kill -SIGHUP <pid>
  • To check the Prometheus configuration file on the UI which was configured on the server.

Using EC2 as Service Discovery mechanism in Prometheus Configuration file

Prometheus server continuously pulls metrics from jobs or apps but at times it is not able to pull the metrics due to servers not reachable due to NAT or firewall and in that case, it uses Pushgateway.

  • Pushgateway is used as an intermediary service. You can also query the Prometheus server using the PromQL and can visualize the data in its own Web UI and the Grafana Dashboard.
  • Service discovery automatically detects devices and services offered on the computer network. Lets say if you need to self discover the AWS EC2 instance then add the following configuration in the Prometheus.
# my global config
global:
  scrape_interval: 15s
  evaluation_interval: 15s

# To scrape metrics from prometheus itself add the below block of code.

scrape_configs:
  - job_name: 'AWS EC2'              # Prometheus will scrape AWS EC2
    ec2_sd_configs:
      - region: us-east-1
         access_key: ACCESS_KEY
         secret_key: SECRET_KEY
         port: 9100

Using Kubernetes as Service Discovery mechanism in Prometheus Configuration file

  • Now if you need to add the Kubernetes configuration then add code in below format.
- job_name: 'kubernetes service endpoints'        
  kubernetes_sd_configs:
      -
        api_servers:
           - https://kube-master.prometheus.com
        in_cluster: true

Using Configuration file Service Discovery mechanism in Prometheus Configuration file

[
  {
     "targets": ["myslave:9104"]
     "labels": {
        "env": "prod"
         "job": "mysql_slave"
     }
  }
]
  • To add the file named target.json for service discovery add the below configuration
scrape_configs:
  - job_name: 'dummy'              # Prometheus will scrape file
    file_sd_configs:
      - files:
         - targets.json

Prometheus and Python Client Library

import random, time

from flask import Flask, render_template_string, abort
from prometheus_client import generate_latest, REGISTRY , Counter, Gauge, Histogram

app = Flask(__name__)

REQUESTS = Counter('http_requests_total', 'Total HTTP Requests(Count)', ['method', 'endpoint', 'status_code'])

IN_PROGRESS = Gauge('http_requests_inprogress', 'Number of in progress HTTP requests')

TIMINGS = Histogram('http_request_duration_seconds', 'HTTP request latency (seconds)')

@app.route('/')

@TIMINGS.time()
@IN_PROGRESS.track_inprogress()

def hello_world():
    REQUESTS.labels(method='GET', endpoint="/", status_code=200).inc()
    return 'Hellos World'

if __name__ == "__main__":
    app.run(host='127.0.0.9',port=4455,debug=True)

Prometheus Alerting

Prometheus Alerting is divided into two categories Alerting Rules and AlertManager

Alerting rules: allows you to define the alert condition and send the alerts to an external services

  • Rules live in Prometheus server configuration and you can confgure the rules in /etc/prometheus/pometheus.yml
rule_files:
- "/etc/pometheus/alert.rules"
  • Create a file named alert.rules as shown below.
groups:
- name: Importanta Instance
# Alert for any instance that is unreachable for greater than 5 minutes
   rules:
   - alerts: Instancedown
      exp: up == 0
      for: 5m
      labels: 
         severity: critical
      annotations: 
         summary: Machine not available

Alertmanager: It handles all the alerts fired by the Prometheus servers such as grouping, rerouting, and deduplication of alerts. It routes alerts to Pagerduty, Opsgenie, email, slack.

  • The configuration of alertmanager is stored at /etc/alertmanager/alertmanager.yml
global: 

   smtp_smarthost: 'localhost:25'
   smtp_from: 'support@automateinfra.com'
   smtp_username: 'shanky'
   smtp_password: 'password123'
templates:
-  '/etc/alertmanager/template/*.tmpl'

route:
    repeat_interval: 1h
    receiver: operations-team

receivers:
-  name: 'operations-team'
    email_configs:
    - to: 'shanky@automateinfra.com'
    salck_configs:
    - api_url: https://hook.slack.com/servcies/xxxxx/xxxxxxxx/xxxxx
       channel: ''

Alert States:

  • Inactive
  • Pending
  • Firing

How to Install kubernetes on ubuntu 20.04 step by step

If you are looking to dive into the Kubernetes world, learning how to install Kubernetes is equally important.

Kubernetes is more than just management of containers as it keeps the load balanced between the cluster nodes, provides a self-healing mechanism, zero downtime deployment capabilities, automatic rollback, and many more features.

Let’s dive into this tutorial and learn how to install Kubernetes on ubuntu 20.04.

Join 46 other followers

Table of Content

Prerequisites

  • Two Ubuntu machines, one for Kubernetes Master and the other for Kubernetes enslaved person or worker node.
  • On both the Linux machines, make sure Inbound and outbound rules are all open to the world as this is the demonstration.

In the production environment for the control Panel and worker node needs following ports to be open: Master 6443,10250/10251/10252 2379,2380 [All Inbound] and for worker node 30000-32767

  • Docker is installed on both the Ubuntu machines. To check if docker is running, use the below command.

You may incur a small charge for creating an EC2 instance on Amazon Managed Web Service.

service docker status
Checking the docker status
Checking the docker status

Setup Prerequisites for Kubernetes installation on ubuntu 18.04 machine

Before installing Kubernetes on Ubuntu, you should first run through a few prerequisite tasks to ensure the installation goes smoothly.

To get started, open your favorite SSH client, connect to MASTER and Worker node and follow along.

  • Install transport-https and curl package using apt-get install the command. Transport-https package allows the use of repositories accessed via the HTTP Secure protocol, and curl allows you to transfer data to or from a server or download, etc.
sudo apt-get update && sudo apt-get install -y apt-transport-https curl
Installing the transport-https and curl package on each ubuntu system
Installing the transport-https and curl package on each ubuntu system
  • Add the GPG key for the official Kubernetes repository to your system using curl command.
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
  • Add the Kubernetes repository to APT sources and update the system.
cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo apt-get update

You can also use sudo apt-add-repository “deb http://apt.kubernetes.io/ kubernetes-xenial main” command to add the kubernetes repository

  • Finally, rerun the sudo apt update command to read the new package repository list and ensure all of the latest packages are available for installation.

Installing Kubernetes on the Master and Worker Nodes

Now that you have the prerequisite packages installed on both MASTER and WORKER, it’s time to set up Kubernetes. Kubernetes consists of three packages/tools, kubeadmkubelet, and kubectl. Each of these packages contains all of the binaries and configurations necessary to set up a Kubernetes cluster.

Assuming you are still connected to the MASTER and Worker node via SSH:

  • Now Install Kubectl ( which manages cluster), kubeadm (which starts cluster), and kubelet ( which manages Pods and containers) on both the machines.
sudo apt-get install -y kubelet kubeadm kubectl
Installing the kubeadm kubelet kubectl package/tool on each ubuntu machine
Installing the kubeadm kubelet kubectl package/tool on each ubuntu machine

If you don’t specify the runtime, then kubeadm automatically detects an installed container. For Docker runtime the Path to Unix socket is /var/run/docker.sock & for containerd it’srun/containerd/containerd.sock

Initialize Kubernetes cluster

Now that you have Kubernetes installed on your controller node and worker node. But unless you initialize it, it is doing nothing. Kubernetes is initialized on the controller node; let’s do it.

  • Initialize your Cluster using Kubeadm init command on the Controller node, i.e., the control panel node.

The below command tells Kubernetes the IP address where its kube-apiserver is located with the --apiserver-advertise-address parameter. In this case, that IP address is the controller node itself.

The command below also defines the range of IP addresses to use for the pod network using the -pod-network-cidr parameter. The pod network allows pods to communicate with each other. Setting the pod network like this will automatically instruct the controller node to assign IP addresses for every node.

kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.111.4.79
THE MASTER NODE STARTS THE CLUSTER AND ASKS YOU TO  JOIN YOUR WORKER NODE
THE CONTROLLER NODE STARTS THE CLUSTER AND ASKS YOU TO JOIN YOUR WORKER NODE
  • Once your controller node that is the control panel is started is initialized, run the below commands on Controller Node to run the Kubernetes cluster with a regular user.
# Run the below commands on Master Node to run Kubernetes cluster with a regular user
# Creating a directory that will hold configurations such as the admin key files, which are required to connect to the cluster, and the cluster’s API address.
   mkdir -p $HOME/.kube
   # Copy all the admin configurations into the newly created directory 
   sudo cp -i /etc/Kubernetes/admin.conf $HOME/.kube/config
   # Change the user from root to regular user that is non-root account
   sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubeadm join I0.111.4.79:6443 --token: zxicp.......................................
  • After running the command, the worker node joins the control panel successfully.
WORKER NODE JOINS THE CLUSTER
WORKER NODE JOINS THE CLUSTER
  • Now, verify the nodes on your controller node by running the kubectl command as below.
kubectl get nodes
Checking the kubernetes nodes
Checking the Kubernetes nodes
  • You will notice that the status of both the nodes is NotReady because there is no networking configured between both the nodes. To check the network connectivity, run the kubectl command as shown below.
kubectl get pods --all-namespaces
  • Below, you can see that coredns pod is in Pending, which configures network connecting between both the nodes. To configure the networking, they must be in Running status.
Checking the kubernetes Pods
Checking the Kubernetes Pods

To fix the networking issue, you will need to Install a Pod network on the cluster so that your Pods can talk to each other. Let’s do that !!

Install a Pod network on the cluster

Earlier, you installed Kubernetes on the Controller node, and the worker node was able to join it, but to establish the network connectivity between two nodes, you need to deploy a pod network on the Controller node, and one of the most widely used pod networks is Flannel. Let’s deploy it with the kubectl apply command.

Kubernetes allows you to set up pod networks via YAML configuration files. One of the most popular pod networks is called Flannel. Flannel is responsible for allocating an IP address lease to each node.

The Flannel YAML file contains the configuration necessary for setting up the pod network.

  • Run the below kubectl apply command on the Controller node.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
  • After running this command, you will see the below output.
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
  • Now re-run kubectl commands to verify if both the nodes are in ready status and the coredns pod is running.
kubectl get nodes
kubectl get pods --all-namespaces
kubernetes network is setup
Kubernetes network is set up.
  • To check the cluster status, run the kubectl cluster-info command.
Checking the Kubernetes cluster status

Join 46 other followers

Conclusion

You should now know how to install Kubernetes on Ubuntu. Throughout this tutorial, you walked through each step to get a Kubernetes cluster set up and deploy your first application. Good job!

Now that you have a Kubernetes cluster set up, what applications will you deploy next to it?

AWS News: Amazon Launches Online Metaverse Amazon Games (AWS Cloud Quest)

Are you already an AWS Engineer or developer looking to utilize your skills while playing Games? Does that sound interesting?

You heard it right; recently, Amazon launched an Online metaverse-like game based on role-playing AWS Cloud Quest so that you can utilize your theoretical knowledge in practicals.

Metaverse means a virtual reality space in which users can interact with a computer-generated environment and other users.

AWS Cloud Quest helps in learning and passing the AWS Cloud Practitioner program. It’s a game that helps you learn cloud computing skills and become a cloud practitioner.

Cloud Quest is the most unexplored way to build your aws skills, taught by hands-on practice, using a reward system that allows users to collect gems in their quest to solve challenges.

It is a 3D online role-playing game today where players move through a virtual city, helping people solve real-world technology issues and cloud use cases to build Amazon Web Services (AWS) cloud skills and prepare for the AWS Certified Cloud Practitioner exam.

  • There are tons of customizations, unique challenges which makes Cloud Quest an ultra friendly way to develop and learn cloud computing skills at the AWS Cloud Practioner level.
  • You can choose the Avtar of your chooice.
  • Understand solutions Requirements with Real world Problems

Cloud Quest has 12 essential assignments going from cloud computing essentials to file systems and finally towards highly available applications.

If you are interested in utilizing or understanding the AWS cloud skills, definitely try it.

The Ultimate Ansible tutorial with Ansible Playbook Examples

Are you tired of managing multiple hosts manually? It’s time to learn and automate configuration management with Ansible with this Ultimate Ansible tutorial with Ansible Playbook Examples.

Ansible is the most popular and widely used automation tool to manage configuration changes across your on-prem and cloud resources.

In this article, you’re going to learn everything you should know about Ansible and will get a jump start on running your Ansible commands and Ansible Playbooks!

Let’s get started!

Join 46 other followers

Table of Contents

  1. What is Ansible?
  2. Ansible Architecture Diagram and Ansible components
  3. Ansible Inventory
  4. Ansible Adhoc command
  5. What is Ansible playbook and Ansible playbook examples!
  6. Executing Ansible when conditional using Ansible playbook
  7. Ansible Variables and Dictionary
  8. Ansible Error Handling
  9. Ansible Handlers
  10. Ansible Variables
  11. Ansible Tags
  12. Ansible Debugger
  13. What are Ansible Roles and a Ansible roles examples?
  14. Conclusion

Join 46 other followers

What is Ansible?

Ansible is an IT automation tool and is most widely used for deploying applications and system configurations easily on multiple servers, either hosted on a data center or on Cloud, etc.

Ansible is an agentless automation tool that manages machines over the SSH protocol by default. Once installed, Ansible does not require any database, no daemons to start or keep running.

Ansible uses inbuilt ansible ad hoc command and Ansible Playbooks to deploy the changes. Ansible Playbooks are YAML-based configuration files that you will see later in the tutorial in depth.

Ansible Architecture Diagram and Ansible components

Now that you have a basic idea about what is Ansible? Let’s further look at Ansible Architecture Diagram and Ansible components that will give you how Ansible works and the components Ansible requires.

Ansible Control Node

Ansible Control Node, also known as Ansible Controller host, is the server where Ansible is installed. This node executes all the Ansible ad hoc commands and Ansible playbooks. /commands. You can have multiple Control nodes but not windows. Must have Python Installed.

Ansible Remote Node or Ansible Managed Nodes

Ansible remote nodes or Ansible managed nodes are the servers or network devices on which you deploy applications or configurations using the Ansible ad hoc commands or playbook. These are also known as Ansible hosts.

Ansible Inventory

Ansible inventory is the file on the Ansible controller host or control node, which contains a list of all the remote hosts or managed nodes.

Ansible Core

Ansible core modules or ansible-core are the main building block and architecture for Ansible, including CLI tools such as ansible-playbook, ansible-doc, and interacting with automation.

The Ansible core modules are owned and managed by the core ansible team and will always ship with ansible itself.

Ansible Modules

Ansible modules or Ansible core modules are the code plugins or libraries plugins that can be used from the command line or a playbook task. Ansible executes each module, usually on the remote managed node, and collects return values.

Ansible Collections

Ansible Collections are a distribution format for Ansible content. Using collections, you can package and distribute playbooks, roles, modules, and plugins. A typical collection addresses a set of related use cases. You can create a collection and publish it to Ansible Galaxy or a private Automation Hub instance.

Ansible Task

Ansible Task is a unit of action executed when running the Ansible Playbook. Ansible Playbook contains one or more Ansible tasks.

Ansible Architecture Diagram and Ansible components
Ansible Architecture Diagram and Ansible components

Ansible Inventory

Ansible works against Ansible remote nodes or hosts to create or manage the infrastructure, but how does Ansible know those Ansible remote nodes? Yes, you guessed it right. Ansible Inventory is a file containing the list of all Ansible remote nodes or remote nodes grouped together, which Ansible uses while deploying or managing the resources.

The default location for Ansible inventory is a file called /etc/ansible/hosts. You can specify a different inventory file using the -I <path> option at the command line. Ansible Inventory is declared in two formats, i.e., INI and YAML.

Ansible installed on the control node communicates with remote nodes over SSH Protocol.

Related: working-with-ssh-connectivity

  • Ansible inventory in ini format is declared as shown below.
           automate2.mylabserver.com
           [httpd]
           automate3.mylabserver.com
           automate4.mylabserver.com
           [labserver]
           automate[2:6].mylabserver.com
  • Ansible inventory in YAML format is declared as shown below.
           all:
             hosts:
                automate2.mylabserver.com
             children:
                 httpd:
                   hosts:
                     automate3.mylabserver.com
                     automate4.mylabserver.com
                 labserver:
                    hosts:
                     automate[2:6].mylabserver.com

Ansible Adhoc command

If you plan to create, launch, deploy, or work with a single configuration file such as restarting an nginx service, a reboot of the machine, copying a file to a remote machine, starting or stopping any particular service, etc. on Ansible remote node then running ad hoc commands will suffice.

Ad hoc commands are a quick and efficient way to run a single command on Ansible remote nodes. Let’s quickly learn how to run Ansible Adhoc commands.

  • To ping all the Ansible remote nodes using Ansible Adhoc command.
ansible all -m ping            # Ping Module to Ping all the nodes
ping all the Ansible remote nodes
ping all the Ansible remote nodes
  • To run echo command on all the Ansible remote nodes using Ansible Adhoc command.
ansible all -a "/bin/echo Automate"  # Echo Command to Provide the output
echo command on all the Ansible remote nodes
echo command on all the Ansible remote nodes
  • To check uptime of all the Ansible remote nodes using Ansible Adhoc command.
ansible all -a /usr/bin/uptime   # Provides the Uptime of the Server
checking uptime of all the Ansible remote nodes
checking uptime of all the Ansible remote nodes
  • To create a user on a Ansible remote node using Ansible adhoc command.
ansible all -m ansible.builtin.user -a "name=name password=password" -b
creating Linux user on Ansible remote node
creating Linux user on Ansible remote node
  • To install Apache nginx service on all the Ansible remote nodes using Ansible Adhoc command.
# b is to become root and gain the root privileges
ansible all -m apt -a  "name=apache2 state=latest" -b  
  • To start Apache nginx service on all the Ansible remote nodes using Ansible Adhoc command.
ansible all -m ansible.builtin.service -a "name=apache2 state=started"
start Apache nginx service on all the Ansible remote nodes
start Apache nginx service on all the Ansible remote nodes
  • To reboot all the remote nodes that are part of america-servers group in Ansible inventory using Ansible adhoc command.
    • america-servers is a group of hosts which is saved in /etc/hosts.
    • To run a command use -a flag.
    • “/sbin/reboot” is to command to reboot the machine
    • -f is used to simultenously execute command on 100 servers.
    • -u is used to run this using a different username.
    • –become is used to run as a root.
ansible america-servers -a "/sbin/reboot"  -f 100 -u username --become

What is Ansible playbook and Ansible playbook examples!

Ansible playbooks are used to deploy complex applications, offer reusable and simple configuration management, offer multi-machine deployments, and perform multiple tasks multiple times. Ansible playbooks are written in YAML format containing multiple tasks and executed in sequential order.

Let’s learn how to declare the Ansible playbook to install Apache on the remote node.

# Playbook apache.yml
---
- name: Installing Apache service 
  hosts: my_app_servers                                  # Define all the hosts
  remote_user: ubuntu                                    # Remote_user is ubuntu
  # Defining the Ansible task
  tasks:                                                  
  - name: Install the Latest Apache
    apt:
      name: httpd
      state: latest
  • Before you run your first Ansible playbook using ansible-playbook command make sure to verify the Playbook to catch syntax errors and other problems before you run them using below command.
ansible-playbook apache.yml --syntax-check
executing ansible-playbook
executing ansible-playbook
  • To verify the playbook in detailed view run the ansible-lint command.
ansible-lint apache.yml
verify the playbook in detailed view
verify the playbook in the detailed view
  • To verify the Ansible playbook run the below command with –check flag.
ansible-playbook apache.yml --check
verify the Ansible playbook with --check flag
verify the Ansible playbook with –check flag
  • Finally execute the Ansible playbook using the below command.
ansible-playbook apache.yml 
 execute the Ansible playbook
execute the Ansible playbook
  • If you intend to install and start the Apache service using Ansible Playbook, copy/paste the below content and run the ansible-playbook command.
# Playbook of apache installation and service startup
---
- name: Install and start Apache service 
  hosts: my_app_servers                                  # Define all the hosts
  remote_user: ubuntu                                    # Remote_user is ubuntu
 # Defining the tasks
  tasks:                                                 
  - name: Install the Latest Apache
    apt:
      name: httpd
      state: latest
  - name: Ensure apache2 serice is running
    service:  
      name: apache2
      state: started
    become: yes                   # if become is set to yes means it has activated privileges
    become_user: ubuntu    # Changes user to ubuntu and by default it is root

Executing Ansible when conditional using Ansible playbook

The Ansible when is a Jinja2 expression that evaluates the test or the condition for all remote nodes and wherever the test passes (returns a value of True), run the Ansible task or Ansible playbook on that host.

  • In the below Ansible Playbook there are four tasks i.e
    • To check the latest version
    • Ensuring Apache service is running
    • Creating users with_item
    • Finally editing the file only when ip matches using Ansible when.
---
- name: update web servers
  hosts: webserver
  remote_user: ubuntu

  tasks:
   - name: ensure apache is at the latest version
     apt:
       name: apache2
       state: latest

   - name: Ensure apache2 serice is running
     service:
        name: apache2
        state: started
     become: yes
 
   - name: Create users
     user:
         name: "{{item}}"
     with_items:
      -bob
      -sam
      -Ashok
 
   - name: Edit the text file
     lineinfile:
     path:  /tmp/file
     state: present
     line:  "LogLevel debug"
     when:
     - ansible_hostname == "ip-10-111-4-18" 
  • Finally execute the Ansible playbook using the below command.
ansible-playbook apache.yml 
execute the Ansible playbook
execute the Ansible playbook

In case you have a common parent layer then you don’t need to declare common things every time in the Ansible task as it automatically inherits directives applied at the block level.

In the below example, Ansible when, Ansible become Ansible become_user, ignore_errors are common for the entire block.

---
- name: update web servers
  hosts: webserver
  remote_user: ubuntu

  tasks:
   - name: Install, configure and start Apache
     block:
      - name: Install apache
        apt:
          name: apache2
          state: present
      - name: Ensure apache2 serice is running
        service:
           name: apache2
           state: started
    # Below Directives are common for entire block i.e all tasks
     when: ansible_facts['distribution'] == "Debian" 
     become: true
     become_user: root
     ignore_errors: yes
Execute the Ansible playbook using Ansible when
Execute the Ansible playbook using Ansible when

Ansible Variables and Dictionary

In this section, let’s quickly look into how Ansible loops iterate over a dictionary item and convert it into list items.

  • Create another playbook named abc.yaml and copying the code below.
# Playbook using iterating over a dictionary

 - name: Add several users 
   ansible.builtin.user: 
      name: "{{ item.name }}" 
      state: present 
      groups: "{{ item.groups }}" 
   loop: 
     - { name: 'automate1', groups: 'root' }
     - { name: 'automate2', groups: 'root' } 
  • Now execute the Ansible Playbook using the below command.
ansible-playbook abc.yaml

As you can see below, the Dictionary items have been converted into the List.

Ansible Playbook containing Ansible variables and dictionary
Ansible Playbook containing Ansible variables and dictionary

Ansible Error Handling

When Ansible receives a non-zero return code from a command or a failure from a module, by default, it stops executing on that host and continues on other hosts. Still, at times, a non-zero return code indicates success, or you want a failure on one host to stop execution on all hosts.

Ansible uses Error handling to work with the above conditions to handle these situations and help you get the behavior and output you want.

  • Create below playbook named main.yml and copy/paste the below code and execute the playbook. The below task perform various tasks such as:
    • One of the Ansible tasks prints a message “i execute normally”
    • Fails a task
    • One task will not proceed
ansible-playbook main.yml
---
- name: update web servers
  hosts: localhost
  remote_user: ubuntu
  tasks:
  - name: Ansible block to perform error handling 
    block:

      - name: This task prints a message i execute normally
        ansible.builtin.debug:
          msg: 'I execute normally'

      - name: This task will fail
        ansible.builtin.command: /bin/false

      - name: This task will not proceed due to the previous task failing
        ansible.builtin.debug:
          msg: 'I never execute, '

    rescue:
      - name: Print when errors
        ansible.builtin.debug:
          msg: 'I caught an error, can do stuff here to fix it'

    always:
      - name: Always do this
        ansible.builtin.debug:
          msg: 'This executes always'
Ansible Playbook with Ansible Error Handling
Ansible Playbook with Ansible Error Handling

Ansible Handlers

Ansible handlers are used when you need to perform any task only when notified. You add all the tasks inside the handler block in Ansible Playbook, and Ansible handlers run whenever notify calls them.

For example, whenever there is any update or change in configuration or restarting, the service is required. Ansible Handlers run when they are notified.

In the below example, if there are changes in the /tmp/file.txt, the apache service is restarted. Ansible Handler will restart the Apache service only when the lineinfile task notifies it.

---
- name: update web servers
  hosts: webserver
  remote_user: ubuntu
 
  tasks:
   - name: ensure apache is at the latest version
     apt:
      name: apache2
      state: latest

   - name: Ensure apache2 serice is running
     service:
        name: apache2
       state: started
     become: yes

# Edit the text file using lineinfile module
   - name: Edit the text file 
      lineinfile:
       path:  /tmp/file.txt
       state: present
       line:  "LogLevel debug"
      when:
        - ansible_hostname == "ip-10-111-4-18"
      notify:
      -  Restart Apache

  handlers:
   - name: Restart Apache
     ansible.builtin.service:
       name: apache2
       start: restarted 
Ansible Playbook with Ansible Handlers
Ansible Playbook with Ansible Handlers

Ansible Variables

Ansible uses Ansible variables to manage multiple configurations with various attributes. With Ansible, you can execute tasks and playbooks on multiple systems with a single command with variations among different systems.

Ansible variables are declared with standard YAML syntax, including lists and dictionaries. There are lots of ways in which you can set your Ansible variables inside the ansible-play; let’s learn by:

  • Defining Ansible variable normally
  • Defining Ansible variables from file
  • Defining Ansible variables from roles
  • Defining Ansible variable at run time
---
- name: update web servers
  hosts: webserver
  remote_user: ubuntu
  remote_install_path: /tmp/mypath       # Defining Simple Variable      ~1
  vars:                                  # Defining Variables from Role  ~2
     favcolor: blue   
  vars_files:                           # Defining Variables from file   ~3  
     - /vars/external_vars.yml
 
  tasks:
   - name: Check Config
     ansible.builtin.template:
       src: my.cfg.j2
       dest: '{{remote_install_path}}/my.cfg'
  • Defining Ansible variable at run time with key : value format
ansible-playbook myplaybook.yml --extra-vars "version=1.23.45 other_variable=auto"
  • Defining Ansible variable at run time with JSON format
ansible-playbook myplaybook.yml --extra-vars '{"version":"1.23.45","other_variable":"auto"}'

Ansible Tags

When you need to run specific tasks in the Ansible playbook, you need to consider using Ansible Tags. Ansible tags are applied on Ansible blocks level, Ansible playbook, Ansible task, or at Ansible role level.

Let’s learn how to add Ansible Tags at different levels.

  • Adding Ansible Tags to individual Ansible tasks.
---
 - hosts: appservers
   tasks:
   - name: Deploy App Binary
     copy:
	   src: /tmp/app.war
	   dest: /app/
	   
	tags: 
	  - apptag          # Applying Ansible Tag to task 1
	 
 - hosts: dbserver	   
   tasks:
   - name: Deploy DB Binary
     copy: 
       src: /tmp/db.war`
       dest: /db
     tags:   	         # Applying Ansible Tag to task 2
       - dbtag
  • Adding Ansible Tags to Ansible block.
tasks:
- block:
  tags: ntp                     # Applying Ansible Tags to Ansible block
  - name: Install ntp
    ansible.builtin.yum:
      name: ntp
      state: present

  - name: Enable and run ntpd
    ansible.builtin.service:
      name: ntpd
      state: started
      enabled: yes
  • Adding Ansible Tags to Ansible Playbook.
- hosts: all
  tags: ntp                     #  Applying Ansible Tags to Ansible Playbook
  tasks:
  - name: Install ntp
    ansible.builtin.yum:
      name: ntp
      state: present

Ansible Debugger

Ansible provides a debugger to fix errors during execution instead of editing it and then running.

  • Using Ansible debugger on a Ansible task.
- name: Execute a command
  ansible.builtin.command: "false"
  debugger: on_failed
Ansible debugger in Ansible Playbook
Ansible debugger in Ansible Playbook
  • Using Ansible debugger on a Ansible Playbook.
- name: My play
  hosts: all
  debugger: on_skipped
  tasks:
    - name: Execute a command
      ansible.builtin.command: "true"
      when: False

  • Using Ansible debugger on a Ansible Playbook and Ansible task.
- name: Play
  hosts: all
  debugger: never
  tasks:
    - name: Execute a command
      ansible.builtin.command: "false"
      debugger: on_failed

What are Ansible Roles and a Ansible roles examples

Ansible Roles is a way to structurally maintain your Ansible playbooks, i.e., it lets you load the variables from files, variables, handlers, tasks based on the structure. Similar to the Ansible modules, you can create different Ansible roles and reuse them as many times as you need.

  • Let’s look at what an Ansible Role directory structure looks like.
    • Tasks : This directory contains one or more files with tasks . These file can also refer to files and templates without needing to provide the exact path.
    • Handlers: Add all your handlers in this directory
    • Files: This directory contains all your static files and scripts that might be copied or executed to remote machine.
    • Templates: This directory is reserved for templates that generate files on remote hosts.
    • Vars: You define variables inside this directory and then can be referenced elsewhere in role.
    • defaults: This directory lets you define default variables for included or dependent role.
    • meta: This directory is used for dependency management such as dependency roles.
Ansible Role directory structure
Ansible Role directory structure

Join 46 other followers
  • Creating a Sample Ansible Playbook as shown below which you will break in different file to understand how Ansible role has file structure.
--- 
- hosts: all 
  become: true 
  vars: 
    doc_root: /var/www/example 
  tasks: 
    - name: Update apt 
      apt: update_cache=yes 
 
    - name: Install Apache 
      apt: name=apache2 state=latest 
 
    - name: Create custom document root 
      file: path={{ doc_root }} state=directory owner=root group=root  
 
    - name: Set up HTML file 
      copy: src=index.html dest={{ doc_root }}/index.html owner=root group=root mode=0644 
 
    - name: Set up Apache virtual host file 
      template: src=vhost.tpl dest=/etc/apache2/sites-available/000-default.conf 
      notify: restart apache 
 
  handlers: 
    - name: restart apache 
      service: name=apache2 state=restarted
  • Let’s break the playbook that you created previously into Ansible roles by:
    • Creating a directory named roles inside home directory.
    • Creating a directory named apache inside roles inside home directory.
    • Creating a directory named defaults, tasks, files, handlers, vars, meta, templates inside apache
  • Create main.yml inside ~/roles/apache/tasks directory.
---    
- name: Update apt
      apt: update_cache=yes

    - name: Install Apache
      apt: name=apache2 state=latest

    - name: Create custom document root
      file: path={{ doc_root }} state=directory owner=www-data group=www-data

    - name: Set up HTML file
      copy: src=index.html dest={{ doc_root }}/index.html owner=www-data group=www-data mode=0644

    - name: Set up Apache virtual host file
      template: src=vhost.tpl dest=/etc/apache2/sites-available/000-default.conf
      notify: restart apache
  • Create main.yml inside ~/roles/apache/handlers directory.
---
handlers:
    - name: restart apache
    service: name=apache2 state=restarted
  • Create index.html inside ~/roles/apache/files directory.
<html>
<head><title>Configuration Management Hands On</title></head>
<h1>This server was provisioned using Ansible</h1>
</html>
  • Create vhost.tpl inside cd ~/roles/apache/templates
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot {{ doc_root }}

<Directory {{ doc_root }}>
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
  • Create main.yml inside cd ~/roles/apache/meta
---
dependencies:
  - apt
  • Create my_app.yml inside home directory
---
- hosts: all
  become: true
  roles:
    - apache
  vars:
    - doc_root: /var/www/example

Join 46 other followers

Conclusion

In this Ultimate Guide, you learned what is Ansible, Ansible architecture, and understood Ansible roles and how to declare Ansible Playbooks.

Now that you have gained a handful of Knowledge on Ansible, what do you plan to deploy using it?

The Ultimate Kubernetes Interview questions for Kubernetes Certification (CKA)

If you are preparing for a DevOps interview or for Kubernetes Interview questions or Kubernetes Certification, consider marrying this Ultimate Kubernetes Interview questions for Kubernetes Certification (CKA) tutorial, which will help you forever in any Kubernetes interview.

Without further delay, let’s get into this Kubernetes Interview questions for Kubernetes Certification (CKA).

Join 46 other followers

Table of Content

Related: Kubernetes Tutorial for Kubernetes Certification [PART-1]

Related: Kubernetes Tutorial for Kubernetes Certification [PART-2]

PAPER-1

Q1. How to create kubernetes namespace using kubectl command.

Answer: Kubernetes namespace can be created using the kubectl create command.

kubectl create namespace namespace-name

Q2. How to create a kubernetes namespace named my-namespace using a manifest file?

Answer: Create the file named namespace.yaml as shown below.

apiVersion: v1
kind: Namespace
metadata: 
    name: my-namespace
  • Now execute the below kubectl command as shown below.
kubectl create -f namespace.yaml
Creating the Kubernetes namespace(my-namespace)
Creating the Kubernetes namespace(my-namespace)

Q3. How to switch from one Kubernetes namespace to another Kubernetes namespace ?

Answer: To switch beetween two kubernetes namespaces run the kubectl config set command.

kubectl config set-context $(kubectl config current-context) --namespace my-namespace2
switch from one Kubernetes namespace to other Kubernetes namespace
switch from one Kubernetes namespace to another Kubernetes namespace

Q4. How To List the Kubernetes namespaces in a Kubernetes cluster ?

Answer: Run the kubectl get command as shown below.

kubectl get namespaces

Q5. How to create the Kubernetes namespaces in a Kubernetes cluster ?

Answer: Execute the below kubectl command.

kubectl create namespace namespace-name

Q6. To delete kubernetes namespace using kubectl command ?

Answer: kubectl delete command allows you to delete the Kubernetes API objects.

kubectl delete namespaces namespace-name

Q7. How to create a new Kubernetes pod with nginx image?

Answer: Use Kubectl run command to launch a new Kubernetes Pod.

kubectl run nginx-pod --image=nginx
Running kubectl run command to create a new Pod.
Running kubectl run command to create a new Pod.

Q8. How to Create a new Kubernetes pod in different Kubernetes namespace?

Answer: Use Kubectl run command to launch a new Kubernetes Pod followed by namspace flag.

kubectl run nginx-pod --image=nginx --namespace=kube-system
Creating a new Kubernetes pod in different Kubernetes namespace
Creating a new Kubernetes pod in a different Kubernetes namespace

Q9. How to check the running Kubernetes pods in the Kubernetes cluster?

Answer:

kubectl get pods
Checking the running Kubernetes pods
Checking the running Kubernetes pods

Q10. How to check the running Kubernetes pods in the Kubernetes cluster in different kubernetes namespace?

Answer:

 kubectl get pods  --namespace=kube-system | grep nginx
Checking the running Kubernetes pods in different kubernetes namespace
Checking the running Kubernetes pods in different kubernetes namespace

Q11. How to check the Docker image name for a running Kubernetes pod and get all the details?

Answer: Execute the kubernetes describe command.

kubectl describe pod-name
Describing the kubernetes Pod
Describing the kubernetes Pod

Q12. How to Check the name of the Kubernetes node on which Kubernetes pods are deployed?

Answer:

kubectl get pods -o wide
Checking the name of the Kubernetes node
Checking the name of the Kubernetes node

Q13. How to check the details of docker containers in the Kubernetes pod ?

Answer:

kubectl describe pod pod-name
Checking the details of docker containers
Checking the details of docker containers

Q14. What does READY status signify in kubectl command output?

Answer: The READY status gives the stats of the number of running containers and the total containers in the cluster.

kubectl get pod -o wide command
Checking the Ready Status
Checking the Ready Status

Q15. How to delete the Kubernetes pod in the kubernetes cluster?

Answer: Use the kubectl delete command.

kubetcl delete pod webapp
Deleting the Kubernetes pod
Deleting the Kubernetes pod

Q16. How to edit the Docker image of the container in the Kubernetes Pod ?

Answer: Use the Kubernetes edit command.

kubectl edit pod webapp

Q17. How to Create a manifest file to launch a Kubernetes pod without actually creating the Kubernetes pod?

Answer: –dry-run=client flag should be used

kubectl run nginx --image=nginx --dry-run=client -o yaml > my-file.yaml
launch a Kubernetes pod without actually creating the Kubernetes pod
launch a Kubernetes pod without actually creating the Kubernetes pod

Q18. How to check the number of Kubernetes Replicasets running in the kubernetes cluster ?

Answer: Run Kubectl get command.

kubectl get rs
kubectl get replicasets
Checking the Replicasets in kubernetes cluster
Checking the Replicasets in kubernetes cluster

Q19. How to find the correct version of the Kubernetes Replicaset or in Kubernetes deployments ?

Answer:

kubectl explain rs | grep VERSION
Finding the Kubernetes replicaset or kubernetes deployment version
Finding the Kubernetes replicaset or kubernetes deployment version

Q20. How to delete the Kubernetes Replicasets in the Kubernetes cluster?

Answer: Run the below command.

kubectl delete rs replicaset-1 replicaset-2
delete the Kubernetes Replicasets
delete the Kubernetes Replicasets

Q21. How to edit the Kubernetes Replicasets in the Kubernetes cluster?

Answer: Run the below command.

kubectl edit rs replicaset-name

Q22. How to Scale the Kubernetes Replicasets in the Kubernetes cluster?

Answer: To scale the Kubernetes Replicasets you can use any of three below commands.

kubectl scale  --replicas=5 rs rs_name
kubectl scale --replicas=6 -f file.yml # Doesnt change the number of replicas in the file.
kubectl replace -f file.yml

Q23. How to Create the Kubernetes deployment in the kubernetes Cluster?

Answer: Use the kubernetes create command.

kubectl create deployment nginx-deployment --image=nginx
Create the Kubernetes deployment
Creating the Kubernetes deployment
kubectl create deployment my-deployment --image=httpd:2.4-alpine
Create the Kubernetes deployment
Creating the Kubernetes deployment

Q24. How to Scale the Kubernetes deployment in the kubernetes Cluster?

Answer:

kubectl scale deployment my-deployment --replicas=3
Scaling the Kubernetes deployment
Scaling the Kubernetes deployment

Q25. How to Edit the Kubernetes deployment in the kubernetes Cluster?

Answer:

kubectl edit deployment my-deployment
Editing the Kubernetes deployment
Editing the Kubernetes deployment

Q26. How to Describe the Kubernetes deployment in the kubernetes Cluster?

Answer:

kubectl describe deployment my-deployment
 Describing the Kubernetes deployment
Describing the Kubernetes deployment

Q27. How to pause the Kubernetes deployment in the kubernetes Cluster?

Answer: Use the Kubectl rollout command.

kubectl rollout pause deployment.v1.apps/my-deployment
Pausing the kubernetes deployment
Pausing the kubernetes deployment
Viewing the Paused kubernetes deployment
Viewing the Paused kubernetes deployment

Q28. How to resume the Kubernetes deployment in the kubernetes Cluster?

Answer:

kubectl rollout resume deployment.v1.apps/my-deployment
Resuming the Kubernetes deployment
Resuming the Kubernetes deployment

Q29. How to check the history the Kubernetes deployment in the kubernetes Cluster?

Answer:

For Incorrect Kubernetes deployments such as an incorrect image the deployment crashes. Make sure to stop the deployment using cltr + c and execute rollout history command.

kubectl rollout history deployment.v1.apps/nginx-deployment

Q30. How to rollback to the previous kubernetes deployment version which was stable in the kubernetes Cluster?

Answer: Run the undo command as shown below.

kubectl rollout undo deployment.v1.apps/nginx-deployment

Q31. How to Create a manifest file to create a Kubernetes deployment without actually creating the Kubernetes deployment?

Answer: use the –dry-run=client command.

kubectl create deployment nginx --image=nginx --dry-run=client -o yaml
Creating the kubernetes deployment manifest file
Creating the kubernetes deployment manifest file

Q32. How to Create a manifest file to create a Kubernetes deployment with Replicasets without actually creating the Kubernetes deployment?

Answer: use the –dry-run=client command.

kubectl create deployment nginx --image=nginx --replicas=4 --dry-run=client -o yaml
Creating the kubernetes deployment with replicasets with manifest file
Creating the kubernetes deployment with replicasets with manifest file

Q33. How to Create a Kubernetes service using manifest file ?

Answer: Create the kubernetes file and then run kubernetes create commnad.

kubectl create -f service-defination.yml

Q34. How to Check running Kubernetes service in the kubernetes cluster?

Answer: To check the running Kubernetes services in the kubernetes cluster run below command.

kubectl get svc
kubectl get services
Checking Kubernetes service in kubernetes cluster
Checking Kubernetes service in kubernetes cluster

Q35. How to Check details of kubernetes service such as targetport, labels, endpoints in the kubernetes cluster?

Answer:

kubectl describe service 
Describing the Kubernetes service in kubernetes cluster
Describing the Kubernetes service in kubernetes cluster

Q36. How to Create a Kubernetes NodePort service in the kubernetes cluster?

Answer: Run kubectl expose command.

kubectl expose deployment nginx-deploy --name=my-service --target-port=8080 --type=NodePort --port=8080 -o yaml -n default  # Make sure to add NodePort seperately
 Kubernetes NodePort service
Kubernetes NodePort service

Q37. How to Create a Kubernetes ClusterIP service named nginx-pod running on port 6379 in the kubernetes cluster?

Answer: Create a pod then expose the Pod using kubectl expose command.

kubectl run nginx --image=nginx --namespace=kube-system
kubectl expose pod --port=6379 --name nginx-pod -o yaml --namespace=kube-system
Creating the Kubernetes Pods
Creating the Kubernetes Pods
 Kubernetes ClusterIP service
Kubernetes ClusterIP service
Verifying the Kubernetes ClusterIP service
Verifying the Kubernetes ClusterIP service

Q38. How to Create a Kubernetes ClusterIP service named redis-service in the kubernetes cluster?

Answer:

kubectl create service clusterip --tcp=6379:6379  redis-service --dry-run=client -o yaml
Creating the Kubernetes ClusterIP
Creating the Kubernetes ClusterIP

Q39. How to Create a Kubernetes NodePort service named redis-service in the kubernetes cluster?

Answer: kubectl expose command.

kubectl create service nodeport --tcp=6379:6379  redis-service  -o yaml
Creating the Kubernetes NodePort
Creating the Kubernetes NodePort

Q40. How to save a Kubernetes manifest file while creating a Kubernetes depployment in the kubernetes cluster?

Answer: Use > nginx-deployment.yaml

kubectl create deployment nginx --image=nginx --dry-run=client -o yaml > nginx-deployment.yaml

Join 46 other followers

Related: Kubernetes Tutorial for Kubernetes Certification [PART-1]

Related: Kubernetes Tutorial for Kubernetes Certification [PART-2]

Conclusion

In this Ultimate guide (Kubernetes Interview questions for Kubernetes Certification (CKA), you had a chance to revise everything you needed to pass and crack the Kubernetes interview.

Now that you have sound knowledge of Kubernetes and are ready for your upcoming interview.

Kubernetes Tutorial for Kubernetes Certification [PART-2]

In the previous Kubernetes Tutorial for Kubernetes Certification [PART-1], you got a jump start into the Kubernetes world; why not gain a more advanced level of knowledge of Kubernetes that you need to become a Kubernetes pro.

In this Kubernetes Tutorial for Kubernetes Certification [PART-2] guide, you will learn more advanced levels of Kubernetes concepts such as Kubernetes deployment, kubernetes volumes, Kubernetes ReplicaSets, and many more.

Without further delay, let’s get into it.

Join 46 other followers

Table of Content

  1. kubernetes deployment
  2. Kubernetes ReplicaSets
  3. Kubernetes DaemonSet
  4. Kubernetes Jobs
  5. What is a kubernetes service
  6. Kubernetes ClusterIP
  7. Kubernetes NodePort
  8. kubernetes loadbalancer service
  9. Kubernetes Ingress
  10. kubernetes configmap or k8s configmap
  11. Kubernetes Secrets
  12. Kubernetes Volume and kubernetes volume mounts
  13. kubernetes stateful sets
  14. Conclusion

kubernetes deployment

Kubernetes deployments allow you to create Kubernetes Pods and containers using YAML files. Using Kubernetes deployment, you specify the number of pods or replica sets you to need for a particular Kubernetes deployment.

Unlike kubernetes replicaset, Kubernetes deployment allows you to roll back, update the rollouts, resume or pause the deployment and never cause downtime. When you create a Kubernetes deployment by defining the replicas the kubernetes replicaset are also created.

A ReplicaSet ensures that a specified number of Pods are running simultaneously; however, a Kubernetes deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods along with a lot of other useful features.

Let’s check out an example to create Kubernetes deployments.

  • Create a file named deployment.yaml and copy/paste the below content into the file.
    • The name of the deployment is nginx-deployment defined in metadata.name field.
    • The deployment will create three kubernetes Pods using the spec.replicas field.
    • Kubernetes pods characterstics ae defined using the spec.selector field.
    • Pods will be launched if matches deployment Label defined using spec.selector.matchlabels.app
    • Pods are labeled using spec.template.metadata.labels.app
    • Containers specifications are done using spec.template.spec respectively.

When you execute the kubectl apply command to create the kubernetes object then your YAML file or requuest to Kube API server is first converted into JSON format.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment  # Name of the deployment
  labels: 
     app:nginx  # Declaring the deployments labels.
spec:
  replicas: 3  # Declaring the number of Pods required
  selector:
    matchLabels:
      app: nginx # Pods will be launched if matches deployment Label.
  template:
    metadata:
      labels:
        app: nginx # Labels of the Pods.
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
  • Now, run kubectl get deployments to check if the Kubernetes deployment has been created.
kubectl get deployments
Creating kubernetes deployments
Creating kubernetes deployments
  • Next, run kubectl get rs to check the Kubernetes ReplicaSets created by the Deployment,
kubectl get deployments
Checking the kubernetes deployments
Checking the kubernetes deployments
  • If you wish to check the labels which are automatically generated for each Pod, run the below command.
kubectl get pods --show-labels
Checking labels of Pods
Checking labels of Pods
  • To update the deployment such as using nginx:1.16.1 instead of nginx:1.14.2
kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1 --record

Kubernetes ReplicaSets

Kubernetes ReplicaSets maintains a set of Kubernetes Pods running simultaneously and makes sure the pods are load-balanced properly; however, a Kubernetes deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods along with a lot of other useful features.

Kubernetes Replicasets are deployed in the same way as Kubernetes deployments. For ReplicaSets, the kind is always a ReplicaSet, and you can scale delete the pods with the same kubectl command as you did for deployments.

apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: nginx-replicasets
  labels: 
      app:nginx 
spec:
  replicas: 3 
  selector:
    matchLabels:   # Replicaset Label To create replicasets only when it matches label app: nginx 
      app: nginx 
  template:
    metadata:
     labels:      # Container label app: nginx 
        app: nginx 
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
  • Next run the below command to create the kubernetes Replicaset.
kubectl apply -f replicasets.yml
  • To replace the Kubenetes Replicaset run the below command.
kubectl replace -f replicasets.yml
  • To scale the Kubernetes Replicasets run the below command.

Changing the Kubernetes Replicasets doesn’t change the number of replicas in the Kubernetes manifest file.

kubectl scale --replicas=6 -f replicasets.yml 
kubectl scale  --replicas=6 replicaset name-of-the-replicaset-in-metadadata
Kubectl commands to work with kubernetes replicasets
Kubectl commands to work with kubernetes replicasets

Kubernetes DaemonSet

Kubernetes DaemonSet ensures that each node in the Kubernetes cluster runs a copy of Pod. When any node is added to the cluster, it ensures Pods are added to that node, or when a node is removed, Pods are also removed, keeping the Kubernetes cluster clean rather than getting stored in the garbage collector.

Generally, the node that a Kubernetes Pod runs on is chosen by the Kubernetes scheduler; however, for Kubernetes, DaemonSet pods are created and scheduled by the DaemonSet controller. To deploy, replace or update the Kubernetes Daemonset, you need to use the same Kubectl command for Kubernetes deployments.

  • Create a file named daemonset.yaml and copy/paste the below code.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-elasticsearch
  namespace: kube-system
  labels:
    k8s-app: fluentd-logging
spec:
  selector:
    matchLabels:
      name: fluentd-elasticsearch
  template:
    metadata:
      labels:
        name: fluentd-elasticsearch
    spec:
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      containers:
      - name: fluentd-elasticsearch
        image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 200Mi
  • Now, execute the kubectl apply command to create a Kubernetes daemonset.
kubectl apply -f  daemonset.yaml
creating a Kubernetes daemonset
creating a Kubernetes daemonset

Kubernetes Jobs

The main function of the Kubernetes job is to create one or more Kubernetes pods and check the successful deployment of the pods. Deleting a Kubernetes job will remove the Pods it created, and suspending a Kubernetes job will delete its active Pods until it is resumed again.

For example, while creating a new Pod, if it fails or is deleted due to a node hardware failure or a node reboot, the Kubernetes Job will provide the same. Kubernetes Job wallows you to run multiple Pods parallel or on a particular schedule.

When a Kubernetes Job completes, no more Pods are created or deleted, allowing you to still view the logs of completed pods to check for errors, warnings, etc. The Kubernetes job remains until you delete it using the kubectl delete job command.

  • To create a Kubernetes Job create a file named job.yaml and copy/paste the below content into it.
apiVersion: batch/v1
kind: Job
metadata:
  name: tomcatjob
spec:                  # It is of List and a array
  template:
    # This is the pod template
    spec:
      containers:
      - name: tomcatcon
        image: Tomcat
        command: ['sh', '-c', 'echo "Hello, Tomcat!" && sleep 3600']
      restartPolicy: OnFailure

  • To create the Kubernetes Jobs run the kubectl apply command followed by kubectl get job command to verify.
kubectl apply -f job.yaml

kubectl get jobs
creating the Kubernetes Jobs
creating the Kubernetes Jobs
  • To list all the Pods that belong to a Kubernetes Job use kubectl get pods command as shown below.
pods=$(kubectl get pods --selector=job-name=pi --output=jsonpath='{.items[*].metadata.name}')
echo $pods
list all the Pods that belong to a Kubernetes Job
list all the Pods that belong to a Kubernetes Job
list all the Pods that belong to a Kubernetes Job
list all the Pods that belong to a Kubernetes Job

What is a kubernetes service

Kubernetes service allows you to expose applications running on a set of Pods as a network service. Every Kubernetes Pods gets a unique IP address and DNS name, and sometimes these are deleted or added to match the state of your cluster, leading to a problem as IP addresses are changed.

To solve Kubernetes service was introduced, which aligns static Permanent IP address on a set of Pods as a network service. There are different Kubernetes service types: ClusterIP, NodePort, Loadbalancer, and ExternalName.

Kubernetes ClusterIP

Kubernetes ClusterIP exposes the service on an internal IP and is reachable within the cluster only and possibly only within the cluster nodes. You cannot access the ClusterIP service outside the Kubernetes cluster. When you create a Kubernetes ClusterIP, then a virtual IP is assigned.

Kubernetes ClusterIP architecture
Kubernetes ClusterIP architecture
  • Lets learn to create a ClusterIP using a file named clusterip.yaml and copy/paste the below content.
kind: Service 
apiVersion: v1 
metadata:
  name: backend-service 
spec:
  type: ClusterIP
  selector:
    app: myapp 
  ports:      
    - port: 8080     # Declaring the ClusterIP service port
# target port is the pod's port and If not set then it takes the same value as the service port
      targetPort: 80   
  • To create the ClusterIP service run the kubectl apply command followed by kubectl get service command to verify.
kubectl apply -f clusterip.yaml

kubectl get service
Creating the ClusterIP and verifying
Creating the ClusterIP and verifying

Kubernetes NodePort

Kubernetes NodePort exposes the Kubernetes service to be accessible outside your cluster on a specific port called the NodePort. Each node proxies the NodePort (the same port number on every Node) into your Service. The Kubernetes control plane allocates a port default: 30000-32767, If you want a specific port number, you can specify a value in the nodePort field.

Kubernetes NodePort architecture
Kubernetes NodePort architecture

Let’s learn how to create a simple Kubernetes NodePort service. In the below nodeport.yaml manifest file:

  • Kind should be set to Service as you are about to launch a new service.
  • The name of the service is hostname-service.
  • Expose the service on a static port on each node to access the service from it outside the cluster. When the node receives a request on the static port, 30162 then forwards the request to one of the pods with the label “app: echo-hostname”.
  • Three types of ports for a service are as follows:
    • nodePort – The static port assigned to each node.
    • port – The service port exposed internally in the cluster.
    • targetPort – Container port or pod Port on which application is hosted.
kind: Service 
apiVersion: v1 
metadata:
  name: hostname-service 
spec:
  type: NodePort
  selector:
    app: echo-hostname 
# Client access the Node Port which is forwarded to the service Port and to the target Port
  ports:       
    - nodePort: 30162  # Node Port
      port: 8080 # Service Port
      targetPort: 80   # Pod Port ( If not set then it takes the same service Port)

  • To create the Kubernetes NodePort service run the kubectl apply command followed by kubectl get service command to verify.
kubectl apply -f nodeport.yaml

kubectl get service
Checking Kubernetes NodePort service
Checking Kubernetes NodePort service

If there is a single pod on a single node or multiple pods on a single node or multiple pods on multiple nodes then NodePort remains the same but with a different URL for the client.

https://node1:30008
https://node2:30008
https://node3:30008

kubernetes loadbalancer service

Kubernetes load balancer service exposes the service externally using a cloud provider’s load balancer. If you access the service with NodePort, you will need to use different URLs to access and overcome this use load balancer.

  • Let’s learn how to create a simple kubernetes loadbalancer service. In the below lb.yaml manifest file:
kind: Service 
apiVersion: v1 
metadata:
  name: loadbalancer-service 
spec:
  type: LoadBalancer
  selector:
    app: echo-hostname 
# Client access the Load balancer which forwards to NodePort to the targetPort.
  ports:  
    - nodePort: 30163  # Node Port
      port: 8080 # Service Port
      targetPort: 80   # Pod Port ( If not set then it takes the same service Port)
  • To create the kubernetes Loadbalancer service run the kubectl apply command followed by kubectl get service command to verify.
kubectl apply -f lb.yaml

kubectl get service
Checking Kubernetes Load balancer service
Checking Kubernetes Load balancer service

Kubernetes Ingress

Earlier in the previous section, you learned how to enable the Kubernetes load balancer or NodePort service to access the Kubernetes service from outside the cluster. But as your environment grows, you need to expose the service on a proper link, configure multiple URL redirection, apply SSL certificates, etc. To achieve this, you need to have Kubernetes Ingress.

To deploy Kubernetes Ingress, you need a Kubernetes ingress controller and Ingress resources as they are not automatically deployed within a cluster. As you can see in the below image, Ingress sends all its traffic to Kubernetes Service and further to the Pods.

Kubernetes Ingress architecture
Kubernetes Ingress architecture

Let’s learn how to create a Kubernetes Ingress resource. The name of an Ingress object must be a valid DNS subdomain name, and annotations configure the Ingress controller. The Ingress spec configures a load balancer or proxy server and the rules.

  • If you don’t specify any host within the spec parameter then the rule is applied applies to all inbound HTTP traffic via IP address.
  • /testpath is the path associated with backend service and port.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: minimal-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - http:
      paths:
      - path: /testpath
        pathType: Prefix
        backend:
          service:
            name: test
            port:
              number: 80
Kubernetes Ingress architecture diagram
Kubernetes Ingress architecture diagram

kubernetes configmap or k8s configmap

Kubernetes configmap allows you to store non-confidential data in key-value pairs such as environmental values or command-line arguments or as a configuration file in a volume such as a database subdomain name.

Kubernetes ConfigMaps does not provide secrecy or encryption. If the data you want to store are confidential, use a Secret rather than a ConfigMap.

  • There are multiple waysto use kubernetes configmap to configure containers inside a Pod such as.
    • By using commands in the containers.
    • Environmental variable on containers.
    • Attaching it in the volume.
    • Write a code or script which Kubernetes API reads configmap.
Kubernetes Configmaps architecture diagram
Kubernetes Configmaps architecture diagram
  • Let’s learn how to create a k8s configmap using the below manifest file.
apiVersion: v1
kind: ConfigMap
metadata:
  name: game-demo
data:
  players: "3"
  ui_properties_file_name: "user-interface.properties"
  • Now that you have created Kubernetes configmap, lets use values from game-demo Kubernetes configmap to configure a Pod:
apiVersion: v1
kind: Pod
metadata:
  name: configmap-demo-pod
spec:
  containers:
    - name: demo
      image: alpine
      command: ["sleep", "3600"]
      env:
        # Define the environment variable
        - name: PLAYER 
          valueFrom:
            configMapKeyRef:
              name: game-demo          
              key: players 

Kubernetes Secrets

Kubernetes Secrets allow you to store sensitive information such as passwords, OAuth tokens, SSH keys and enable encryption. There are three ways to use Kubernetes Secrets with POD like environmental variable on the container, attach as a file in volume and use by kubelet when you pull the image.

Let’s learn how to create Kubernetes Secrets using the below manifest file.

apiVersion: v1
kind: Secret
metadata:
  name: secret-basic-auth
type: kubernetes.io/basic-auth
stringData:
  username: admin
  password: password123

You can also create Kubernetes secrets using kubectl command.

kubectl create secret docker-registry secret-tiger-docker \
  --docker-username=user \
  --docker-password=pass \
  --docker-email=automateinfra@gmail.com

Kubernetes Volume and kubernetes volume mounts

Kubernetes volumes are used to store data for containers in Pod. If you store the data locally on a container, then it’s a risk as, and when pod or a container dies, the data is lost. Kubernetes volumes remain persistent and are backed up easily.

Kubernetes volumes can be mounted to other Kubernetes volumes. Each container in the Pod’s configuration must independently specify Kubernetes volume mounts.

  • There are different persistent volumes which kubernetes supports such as:
    • AWS EBS : An AWS EBS volume mounts into your pod provided your nodes on which pods are running must be AWS EC2 instances
    • azure disk : The azure Disk volume type mounts a Microsoft Azure Data Disk into a pod
    • Fiber channel: Allows an existing fiber channel block storage volume to mount to a Pod.
  • Let’s learn how to declare Kubernetes volume using AWS EBS configuration example.
apiVersion: v1
kind: Pod
metadata:
  name: test-ebs
spec:
  containers:
  - image: k8s.gcr.io/test-webserver
    name: test-container
    volumeMounts:
    - mountPath: /test-ebs
      name: test-volume
  volumes:
  - name: test-volume
    # This AWS EBS volume must already exist.
    awsElasticBlockStore:
      volumeID: "<volume id>"
      fsType: ext4

kubernetes stateful sets

Kubernetes stateful sets manage stateful applications such as MySQL, Databases, MongoDB, which need persistent storage. Kubernetes stateful sets manage the deployment and scaling of a set of Pods and provide guarantees about the ordering and uniqueness of these Pods.

With Kubernetes stateful sets with N replicas, when Pods are being deployed, they are created sequentially, in order from {0..N-1} and are terminated in reverse order, from {N-1..0}.

Let’s check out how to declare Kubernetes stateful sets configuration example below.

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  selector:
    matchLabels:
      app: nginx # has to match .spec.template.metadata.labels
  serviceName: "nginx"
  replicas: 3 # by default is 1
  template:
    metadata:
      labels:
        app: nginx # has to match .spec.selector.matchLabels

Conclusion

Now that you have learned everything you should know about Kubernetes, you are sure going to be the Kubernetes leader in your upcoming projects or team or organizations.

So with that, which applications do you plan to host on Kubernetes in your next adventure?

Kubernetes Tutorial for Kubernetes Certification [PART-1]

Kubernetes Tutorial for Kubernetes Certification [PART-1]

If you are looking to learn to Kubernetes, you are at the right place; this Kubernetes Tutorial for Kubernetes Certification tutorial will help you gain complete knowledge that you need from basics to becoming a Kubernetes pro.

Kubernetes is more than just management of docker containers as it keeps the load balanced between the cluster nodes, provides a self-healing mechanism such as replacing a new healthy container and many features.

Let’s get started with Kubernetes Tutorial for Kubernetes Certification without further delay.

Join 46 other followers

Table of Content

  1. What is kubernetes?
  2. Why Kubernetes?
  3. Docker swarm vs kubernetes
  4. kubernetes Architecture: Deep dive into Kubernetes Cluster
  5. kubernetes master components or kubernetes master node
  6. Worker node in kubernetes Cluster
  7. Highly Available Kubernetes Cluster
  8. What is kubernetes namespace?
  9. Kubernetes Objects and their Specifications
  10. Kubernetes Workloads
  11. What is a kubernetes Pod? 
  12. Deploying multi container Pod
  13. Conclusion

What is kubernetes?

Kubernetes is an open-source Google-based container orchestration engine for automating deployments, scaling, and managing the container’s applications. It is also called k8s because eight letters are between the “K” and the “s” alphabet.

Kubernetes is portable and extensible which supports declarative as well as automatic approaches.

Kubernetes also helps in service discovery, such as exposing a container using the DNS name or using their own IP address, provides a container runtime, zero downtime deployment capabilities, automatic rollback, automatic storage allocation such as local storage, public cloud providers, etc.

Kubernetes has the ability to scale when needed, which is known as AutoScaling. You can automatically manage configurations like secrets or passwords and mount EFS or other storage when required.

Why Kubernetes?

Now that you have a basic idea about what is Kubernetes. Earlier applications used to run on the physical server that had issues related to resource allocation, such as CPU memory. You would need more physical servers, which were too expensive.

To solve the resource allocation issue, virtualization was adopted in which you could isolate applications and align the necessary resources as per the need. With virtualization, you can run multiple virtual machines running from single hardware, allowing better utilization of resources and saving hardware costs.

Later, the containerizations-based approach was followed, such as docker and after Kubernetes, which is light-weighted and allowed portable deployments in which containers share the same OS, CPU, and memory from the host but have their own file systems and can launch anywhere from local machines or on cloud infrastructure.

Finally, Kubernetes takes care of scaling and failover for your applications and easily manages the canary deployment of your system.

Some of the key features of Kubernetes are:

  • Kubernetes exposes a container using a DNS name or using an IP address.
  • Kubernetes allows you to mount storage system of your choice such as local storage, public cloud providers and more.
  • You can rollback the state anytime for your deployments.
  • Kubernetes replaces containers that fails or whose health check fails.
  • Kubernetes allows you to store secrets and sensitive information such as passwords, OAuth tokens and SSH keys. Also you can update the secret information multiple times without impacting container images.

Every Kubernetes object contains two nested objects (object spec and object status) whee spec describes the description of the object you set and status shows

Physical Server to Virtualization to Containerization
Physical Server to Virtualization to Containerization

Docker swarm vs kubernetes

In previous sections, you learned what Kubernetes is and why there is a shift from physical to virtual machines and towards docker, the container-based technology.

Docker is a light weighted application that allows you to launch multiple containers. Still, to manage or orchestrate the containers, you need orchestration tools such as the Docker swarm or the Kubernetes.

Let’s look at some of the key differences between Docker swarm vs Kubernetes.

Docker SwarmKubernetes
Docker swarm use YAML files and deploy on nodesUsers can encrypt data between nodes.
Users can encrypt data between nodesAll Pods can interact with each other without encryption
Kubernetes Installation is difficult, but the cluster is powerfulDocker swarm is easy to install, but the cluster doesn’t ha many advanced features.
There is no autoscaling enabled in the Docker swarm.Can do autoscaling
Docker swarm is easy to install but the cluster doesn’t ha many advanced features.Kubernetes Installation is difficult but the cluster is very strong
Docker swarm vs Kubernetes

kubernetes Architecture: Deep dive into Kubernetes Cluster

When you Install Kubernetes, you create a Kubernetes cluster that mainly contains two components master or the controller nodes and worker nodes. Nodes are the machines that contain their own Linux environment, which could be a virtual machine or either physical machine.

The application and services are deployed in the containers within the Pods inside the worker nodes. Pods contain one or more docker containers. When a Pod runs multiple containers, all the containers are considered a single entity and share the Node resources.

Bird-eye view of kubernetes cluster
Bird-eye view of Kubernetes cluster

kubernetes master components or kubernetes master node

Kubernetes master components or Kubernetes master node manages the Kubernetes clusters state, storage information about the different nodes, container alignments, the data, cluster events, scheduling new Pods, etc.

Kubernetes master components or Kubernetes master node contains various components such as Kube-apiserver, an etcd storage, a Kube-controller-manager, and a Kube-scheduler.

Let’s learn about each Kubernetes master component or Kubernetes master node.

kube api server

The most important component in the Kubernetes master node is the kube API server or API server that orchestrates all the operations within the cluster. Kubernetes cluster exposes the Kube API server and acts as a gateway or an authenticator for users.

Kube API server also connects with worker node and other control panel components. It also allows you to query and manipulate the state of API objects in Kubernetes such as Pods, Namespaces, ConfigMaps, and events from the etcd server.

The kubectl command-line interface or kubeadm uses the kube API server to execute the commands.

If you deploy the kube API server using the kubeadm tool, it is installed as a Pod else for non-kubeadm setup; you will find it on cat /etc/systemd/system/kube-apiserver.service.

  • To check if kube api server is running in the kubernetes cluster using kubectl command.
kubectl get pods --all-namespaces
Checking the kube API server in the Kubernetes cluster with the kubectl command
Checking the kube API server in the Kubernetes cluster with the kubectl command
  • To check if kube api server is running in the kubernetes cluster with the process command.
ps -aux | grep kube-apiserver
Checking the kube API server in the Kubernetes cluster with process command
Checking the kube API server in the Kubernetes cluster with process command

You can also use client libraries if you want to write an application using Kubenetes API server based on different languages.

etcd kubernetes

etcd is again an important component in the Kubernetes master node that allows storing the cluster data, cluster state, secrets, configs, pod state, etc. in key-value pair format. etcd holds two types of state; one is desired, and the other is the current state for all resources and keeps them in sync.

When you run the kubectl get command, the request goes to the etcd server, and the same command to add or update anything in the Kubernetes cluster using kubectl add or kubectl update, etcd is updated.

For example, the user runs the kubectl command, then the request goes to ➜ the Kube API server (Authenticator) ➜ , etcd ( reads the value) and pushes those values back to the kube API server.

Tabular or relational database
Tabular or relational database
Key-value store
Key-value store

Kube scheduler

Kube scheduler helps schedule new Pods and containers to the appropriate worker nodes according to the pod’s requirement, such as CPU or memory, before allocating the pods to the worker node of the cluster.
Whenever the controller manager finds any discrepancies in the cluster, it forwards the request to Scheduler via the kube API server to fix the gap. For example, If there is any change in node or if pod is created without assigned node, then:

  • Scheduler monitors the kube API server continously.
  • Kube API server checks with etcd and etcd respond back to kube API server with required information.
  • Next Controller manager informs Kube API server to schedule new pods using Scheduler.
  • Scheduler takes use of Kube API server asks kublet to assigns the node to the Pod.
  • Kubectl after assigning the pod responds back to kube API server with the information and kube API further communicates to etcd to update.
Scheduling a Pod
Scheduling a Pod

Kube controller manager

Kube controller manager runs the controller process. Kubernetes comes with a set of built-in controllers that run inside the kube-controller-manager. These built-in controllers provide important core behaviors.

  • Node Controller: Node controller in kube controller manager checks the status of the node like when would node gets on or off.
  • Replication controller: Replication controller in kube controller manager maintains the correct number of containers are running in the replication group.
  • Endpoint controller: Providers endpoints of pods and services.
  • Service and token controller: Create Accounts and API access tokens.

In Kubernetes kube controller managers control loops that watch the state of your cluster, then make or request changes where needed. Each controller tries to move the current cluster state closer to the desired state and if there are any gaps, then forwards the request to Scheduler via the kube API server to fix the gap.

Worker node in kubernetes Cluster

Worker Node is part of a Kubernetes cluster used to manage and run containerized applications. The worker node performs any actions when any Kube API server triggers any request. Each node is managed by the control plane or Master Node that contains the services necessary to run Pods.

The Worker node contains various components, including a Kubelet, Kube-proxy, container runtime, and Node components run on every node, maintaining the details of all running pods.

kubelet in kubernetes

kubelet in Kubernetes is an agent that runs on each worker node and manages containers in the pod after communicating with the kube API server. Kubelet command listens to the Kube API server and acts accordingly, such as adding or deleting containers.

Kube API server fetches the information from kubelet about the worker nodes’ health condition and, if necessary, schedules the necessary resources with the help of Scheduler.

Kubelet is not installed as a pod with the kubeadm tool; you must install it manually.

kube proxy in kubernetes

Kube proxy is a networking component that runs on each worker node in the Kubernetes cluster, forwards traffic within the worker nodes, and handles network communications.

Container Runtime

Container Runtime is an important component responsible for providing and maintaining the runtime environment to containers running inside the Pod. The most common container runtime is Docker, but others like containerd or CRI-O may also be possible.

Other than Master or Worker Node

  • Now tha you know that a Kubernetes cluster contains a master and worker node but it also neds a DNS server which servers DNS records for kubernetes service.
  • Next, optional but it is a good practice that you to install or setup Kubernetes Dashbaod (UI) which allows users to manage and troubleshoot applications running in the cluster.

Highly Available Kubernetes Cluster

Now that you have a good idea and knowledge about the Kubernetes cluster components. Do you know Kubernetes auto-scales your cluster if required, and there are two ways to achieve it?

  • With etcd co-located with control panel nodes and have a stacked etcd.
  • With etcd running on separate nodes from the control panel nodes and have a external stacked etcd.

etcd is co-located with control panel

In the case of etcd are co-located with control panel all the three components API server, scheduler, controller manager communicates with etcd separately.

In this case, if any node gets down, both the components are down, i.e., API processor, etcd. To solve this, add more nodes to make it Highly Available. This approach requires less infrastructure.

etcd is co-located with control panel
etcd is co-located with control panel

etcd running on separate nodes from the control panel

In the second case of etcd running on separate nodes with control panel all the three components kube API server, scheduler, controller manager communicates with etcd externally with an external stacked etcd.

In this case, if any node gets down, your etcd is not impacted, and you still have a highly available environment than stacked etcd, but this approach requires more infrastructure.

etcd running on separate nodes from the control panel
etcd running on separate nodes from the control panel

What is kubernetes namespace?

Kubernetes supports multiple virtual clusters backed by the same physical cluster. These virtual clusters are called Kubernetes namespace.

In the Kubernetes namespace, all the resources should have a unique name, but not across namespaces. Kubernetes namespaces help different projects, teams, or customers to share a Kubernetes cluster and divide cluster resources between multiple users.

There are three types of Kubernetes namespaces when you launch a Kubernetes cluster:

  • Kube-system: kube-system contains the all the cluster components such as etcd, api-server, networking, proxy server etc.
  • Default: Default namespace is where you will actually launch the resources or other kubernetes objects by default.
  • Kube-public: This namespace is available for all users accessing the kubernetes service publically.

Let’s look at an example related to the Kubernetes namespace.

  1. If you wish to connect service named db-service within the same namespace then you can access the service directly as:
 mysql.connect("db-service")
  1. To access service named db-service service in other namespace like dev then you should access the service as:
    • <service-name>.<namespace-name>.svc.cluster.local because when you create a service the DNS entry is created
    • svc is subdomain for the service.
    • cluster.local is default domain name of the kubernetes cluster
mysql.connect("db-service.dev.svc.cluster.local") 

Most Kubernetes resources (e.g., pods, services, replication controllers, and others) are created in the same namespace or different depending on the requirements.

  • To List the current namespaces in a cluster run the kubectl command as below.
kubectl get namespaces
kubectl describe namespaces
kubectl create namespace namespace-name
kubectl delete namespaces namespace-name
  • To allocate resource quota to namespace, create a file named resource.yaml and run the kubectl command.
apiVersion: v1
kind: ResourceQuota
metadata: 
    name: compute-quota
    namespace: my-namespace2
spec:
  hard:
    pods: "10"
    requests.cpu: "1"
    requests.memory: 0.5Gi
    limits.cpu: "1"
    limits.memory: 10Gi
kubectl create -f resource.yaml
allocate resource quota to namespace,
allocate resource quota to namespace
  • To check the resource consumption for a particular namespace run the below command.
kubectl describe resourcequota compute-quota
checking the resource consumption for a particular namespace
checking the resource consumption for a particular namespace

Kubernetes Objects and their Specifications

Kubernetes objects are persistent entities in the Kubernetes system. Kubernetes uses these entities to represent the state of your cluster, such as how many containers are running inside the Pod and on which node, what all resources are available If there are any policies on applications.

These Kubernetes objects are declared in .YAML formats are used during deployments. The YAML file is used by the kubectl command, which parses it and converts it into JSON.

  • Spec : While you create the object you need to specify the spc parameter which define the characteristics of the resources you want in the kubernetes cluster.
  • Labels are key/value pairs that are attached to objects, such as pods. Labels are intended to be used to specify identifying attributes of objects that are relevant to users. Labels are used to organize and to select subsets of objects.
  • apiVersion – Which version of the Kubernetes API you’re using to create this object
  • kind – What kind of object you want to create
  • metadata – Data that helps uniquely identify the object, including a name string, UID, and optional namespace
apiVersion: apps/v1             # Which Version your kubernetes API server uses
kind:       Deployment          # What kind of Object you would like to have
metadata:   tomcat deployment   # To Identify the Object
specs:                                  # What would you like to achieve using this template
   replicas: 2                        # Run 2 pods matching the template
   template:
     metadata:                  # Data that identify object like name, UID and namespace
       labels: 
         app : my_tomcat_app
   spec:
     containers:
     - name: my_tomcat_container
       image: tomcat
       ports:
       - containerPort : 8080

Kubernetes Workloads

The workload is the applications running on the Kubernetes cluster. Workload resources manage the set of Kubernetes Pods in the form of Kubernetes deployments, Kubernetes Replica Set, Kubernetes StatefulSet, Kubernetes DaemonSet, Kubernetes Job, etc.

Kubernetes deployments, Kubernetes Replica Set, Kubernetes StatefulSet, Kubernetes DaemonSet, Kubernetes Job, etc
Kubernetes deployments, Kubernetes Replica Set, Kubernetes StatefulSet, Kubernetes DaemonSet, Kubernetes Job, etc

Let’s learn each of the Kubernetes in the upcoming sections.

What is a kubernetes Pod?

The Kubernetes pod is a Kubernetes entity where your docker container resides hosting the applications. The number of pods in the node increases, not containers, if there is an increase in traffic on the apps.

The Kubernetes pod contains a single or group of containers that work with shared storage and network. It is recommended to add Pods than adding containers in the Pod because more containers mean more complex structures and interconnections.

The Kubernetes Pods are created using workload resources such as Kubernetes deployment or Kubernetes Job with the help of yaml file or using directly calling Kubernetes API and are assigned unique IP addresses.

To create a highly available application, you should consider deploying multiple Pods known as replicas. Healing of Pods is done by controller-manager as it keeps monitoring the health of each pod and later asks the scheduler to replace a new Pod.

All containers in the Pod can access the shared volumes, allowing those containers to share data same network namespace, including the IP address and network ports. Inside a Pod, the containers that belong to the Pod can communicate with one another using localhost.

  • To create a Kubernetes Pod create a yaml file named pod.yaml and copy/paste the below content.
# pod.yaml template file that creates pod
apiVersion: v1        # It is of type String
kind: Pod               # It is of type String
metadata:             # It is of type Dictionary
  name: nginx
  labels: 
    app: nginx
    tier: frontend
spec:                  # It is of type List and Array
  containers:
  - name: nginx
    image: nginx
  • Now to create a Kubernetes Pod execute the kubectl command.
kubectl apply -f pod.yaml  # To run the above pod.yaml manifest file
Creating a Kubernetes Pod
Creating a Kubernetes Pod

Deploying multi container Pod

In the previous section, you learned how to launch a Pod with a single container, but you sometimes need to run Kubernetes pods with multiple containers. Let’s learn how you can achieve this.

  • To create a multi container Kubernetes Pod create a yaml file named multi-container-demo.yaml and copy/paste the below content.
apiVersion: v1
kind: Pod
metadata:
  name: multicontainer-pod
spec:
  restartPolicy: Never
  volumes:
  - name: shared-data
    emptyDir: {}
  containers:
  - name: nginx-container-1                  # Container 1
    image: nginx
    volumeMounts:
    - name: shared-data
      mountPath: /usr/share/nginx/html
  - name: ubuntu-container-2                  # Container 2
    image: nginx
  • Now to create multi container Kubernetes Pod execute the kubectl command.
kubectl apply -f multi-container-demo.yaml  # To run the above pod.yaml manifest file
  • To check the Kubernetes Pod run kubectl get pods command.
Creating multi-container Kubernetes Pod
Creating multi-container Kubernetes Pod
  • To describe both the containers in the kubernetes Pods run kubectl describe command as shown below.
kubectl describe pod multicontainer-pod
describe both the containers in the kubernetes Pods
describe both the containers in the Kubernetes Pods

Join 46 other followers

Conclusion

In this Ultimate Guide, you learned what is Kubernetes, Kubernetes architecture, and understood Kubernetes cluster end to end and how to declare Kubernetes manifest files to launch Kubernetes Pods.

Now that you have gained a handful of Knowledge on Kubernetes, continue with the PART-2 guide and become the pro of Kubernetes.

Kubernetes Tutorial for Kubernetes Certification [PART-2]

Linux Interview Questions and Answers for experienced

If you are preparing for a DevOps interview or for a Linux administrator, consider this Linux Interview Questions and Answers for the experienced tutorial as your lucky friend, which will help you pass the Certificate or the Linux interview.

Let’s get into this Ultimate Linux Interview Questions and Answers for an experienced guide without further delay.

Join 46 other followers

PAPER-1

Q1. In which directory are Linux logs stored in the Linux file system?

  • Linux log files are stored under /var/log directory which contains system generated and application logs.
/var/log/ directory
/var/log/ directory

Q2. What does the /var/log/dmesg directory contain in the Linux file system?

  • When you Power on Linux machines BIOS calls POST and MBR is loaded. MBR further calls GRUB and finally GRUB calls kernel and kernel gets loaded in memory. While all these process takes place kernel generates lots of messages related to hardware, BIOS, mount file system and stores in /var/log/dmesg directory in the Linux file system which can be viewed using dmesg command.
/var/log/dmesg directory
/var/log/dmesg directory

Q3. What does the /var/log/apt/history.log directory contain in the Linux file system?

  • /var/log/apt/history.log directory contain in the Linux file system provides all the details such as which software or Linux packages were removed, installed or upgraded in the Linux machine. For example when you execute commands like sudo apt update, sudo apt install apcahe2 then all the logs are captured in the /var/log/apt/history.log directory.
/var/log/apt/history.log
/var/log/apt/history.log

Q4. What does the /var/log/auth.log directory contain in the Linux file system?

  • /var/log/auth.log directory contains logs related to the system and user access. Whenever any user log in to the machine or SSH into remote machine to perform any activity all the logs get captured under this file. /var/log/auth.log directory in the Linux file system helps you to find password locked out issues or someone trying to SSH into your machine unnecessarily.
/var/log/auth.log
/var/log/auth.log

Q5. To list all packages in the log file installed using the below command.

cat /var/log/apt/history.log | grep "install"
Listing all the packages in the history.log file
Listing all the packages in the history.log file

Q6. What does the /var/log/kern.log directory contain in the Linux file system?

  • /var/log/kern.log directory provides the information related to kernel warnings, Kernel error messages and Kernel events to the Linux system.
/var/log/kern.log
/var/log/kern.log

Q7. What does the /var/log/Syslog directory in the Linux file system?

  • /var/var/log/Syslog directory provides the in-depth information about your system, application, kernel warnings, Kernel error messages and Kernel events etc. and stores logs. If you are unable to find information in any other files then Syslog directory is your last resort.
/var/log/syslog
/var/log/syslog

Q8. What does the /var/log/apport.log directory contain in the Linux file system?

  • /var/log/apport.log directory provides the in-depth information about the system crash, reports access related issues and OS related failures.
/var/log/apport.log directory
/var/log/apport.log directory
  • If you wish you can configure to schedule these logs in the /etc/logrotate.d/apport directory.
/etc/logrotate.d/apport directory
/etc/logrotate.d/apport directory

Q9. What does the /var/log/ufw.log directory contain in the Linux file system?

  • /var/log/ufw.log directory provides the in-depth information about firewall and network connectivity in the Linux machine.

Q10. What does the /var/log/daemon.log directory contain in the Linux file system?

  • /var/log/daemon.log directory provides the information logged by the various background daemons running in the Linux machine.

Q11. What does the /var/log/apache2/access.log directory contain in the Linux file system?

  • /var/log/apache2/access.log directory contains information logged by apache2 web server. As soon as you install apache2 using the apt install apache2 command you will see this access.log gets created in the Linux machine.
/var/log/apache2/access.log directory
/var/log/apache2/access.log directory

Q12. What does the /var/log/dpkg.log directory contain in the Linux file system?

  • /var/log/dpkg.log directory provides the information related to package installation and similar to /var/log/apt file in the Linux machine.

Q13. Why “.” files are not included in the ls command in the Linux file system?

  • The reason is the configuration files are less likely to be accessed or not accessed at all in the Linux machine.

Q14. Explain the File permissions of the below file in the Linux file system?

drwxr-xr-x   2     sam sam 4096 2015-05-16 17:07 Documents
  • d is a filetype (directory) however it can also have - which represents a file or c that represents character device and finally b represents block device
  • rwxr-xr-x are the permissions of user, group and others respectively where r is read, w is write and x is execute permission. User has rwx permissions, group has r-x permissions and others have r-x permissions.
    • r represents read permission and it has 4 octal value.
    • w represents write permission and it has 2 octal value.
    • x represents execute permission and it has 1 octal value.
    • u represents user, g represents group , o represents others and a represents all( user, group and others)
  • l is the number of links that a file contains.
  • sam is the owner of the file that is documents is owned by the user sam. Group contains multiple users and sam user is part of the sam group which is his primary group.
  • 4096 is the size of the file.
  • 2015-05-16 17:07 displays when was file last accessed.
  • Documents is the file name

Q15. Explain the chmod command practically to change the permissions on the file in the Linux file system?

Chmod: To change the permissions on the file using the chmod command. Let’s learn how to work with the chmod command.

  • chmod a-w file.txt – Subtracting the write permission from all user, group and others.
  • chmod u+rwx file.txt – Adding the read, write and execute permission for user.
  • chmod g-r file.txt – Subtracting the read permission from group
  • chmod 666 file.txt – Granting the read and write access to all user, group and others
  • chmod 714 file.txt
    • Granting the read, write and execute permissions to user.
    • Granting the execute permission to group.
    • Granting the read and write access to others.

Q16. Explain the umask command practically in the Linux file system? Linux file system?

The umask command works like a filter that masks your permissions.

  • 0 represents that it has all the permissions ie. read, write and execute
  • 7 represents no permissions that means it masks all the actual values.
  • UMASK 037 will create a file with -rwxr—– permissions
  • UMASK 000 will create a file with -rwxrwxrwx permissions
  • UMASK 222 will create a file with -r-x-r-x-r-x

Q17. How to check the file type of a file using the file command.

file name_of_the_file
check the filetype of a file
check the filetype of a file

Q18. How to check the permissions of the file using the getfacl command.

 getfacl name_of_the_file
getfacl command
getfacl command

Q19. How to set the permissions of the file using the setfacl command.

# Setting rwx permission for user sam on name_of_the_file
setfacl -m u:sam:rwx name_of_the_file

Q20. Explain all the below Linux commands?

  • Find command in linux: find command in linux search files and directories according to conditions. For example find all .mp3 files that are greater than 10MB and delete them using one single command.
find / -type f -name *.mp3 -size +10M -exec rm{} \;
  • gzip command in linux: gzip command in linux compresses the file size
gzip file_name
  • chattr command in linux: chattr command in linux helps to alter attributes of files but only with root user. For Ex: make directory(+i) and sub files(-R) immutable.
chattr -R +i  temp/
  • Chown command in linux: Chown command in linux allows to change the owner of a file or directory.
chown -R tomat:tomcat /opt
  • mkfs command in linux: mkfs command in linux allows to create a file system.
mkfs.ext2 ~/tmp.img
  • unzip command in linux: unzip command in linux extracts all files from specified ZIP achieves.
unzip myfile.zip
  • mount command in linux: mount command allows to mount the Linux file systems to a directory.
mount  /dev/sda1 media/usb
  • dd command in linux: dd command in linux copies a file, converts and then formats according to the operands.
# Backup the MBR partitioned system, where size is 512b, "if" is input source and "of" is output file.
sudo dd if=/dev/sda bs=512 count=1 of=mbr.img
  • fdisk command in linux: fdisk command in linux stands for Format disk which allows you to create, view, resize, delete and change the partitions on a hard drive.
fdisk /dev/sda
  • sort command in linux: sort command in linux helps in sorting the lines of text files or arranging them.
sort -o output.txt file.txt
  • swap command in linux: swap command in linux is used when the amount of physical RAM memory is full. When a Linux system runs out of RAM, inactive pages are moved from the RAM to the swap space
  • tar command in linux: tar command in linux which stands for Tape Archive is used to compress files which is known as tarball.
tar cjvf abc.tar.gz directory1
  • uniq command in linux: uniq command in linux filters or removes repeated lines in a file.
# -c option specifies how many uniq lines were removed
uniq -c file.txt

Join 46 other followers

Conclusion

In this ultimate guide, you had a chance to revise everything, such as the Linux file system, Linux commands, and Linux log files that you need to know to pass and crack the Linux interview.

Now that you have sound knowledge of Linux and are ready for your upcoming interview.

Pass Terraform Certification with top Terraform Interview Questions and Answers

If you are preparing for a DevOps interview or for a Terraform administrator or a developer, consider this Pass Terraform Certification with top Terraform Interview Questions and Answers tutorial as your lucky friend, which will help you pass the Certificate or the Terraform interview.

Without further delay, let’s get into this UltimatePass Terraform Certification with the top Terraform Interview Questions and Answers guide.

Join 46 other followers

PAPER-1

Q1. What is IAC ?

Answer: IAC stands for Infrastructure as a code which allows to write code, check the code, compile code then execute the code and if required update the code again and redeploy. It is easier to use IAC as you can create and destroy the infrastructure quickly and efficiently.

Q2. Are there any benefits of Infrastructure as Code ?

Answer: Yes there are lot many. IAC allows you to automate multiple things such as with one script with same syntax throughout you can update, scale up-down and destroy the resources quickly. Infrastructure as a code has also capabilities to reuse the code and version it in version control. Terraform is an Infrastructure as code open source tool.

Q3. What are use cases of Terraform ?

Answer: There are multiple use cases of Terraform such as:

  • Heroku App Setup – PAAS based application
  • Multi Tier apps ( For ex: web apps + DB + API + Caching )
  • Disposable environments such as DEV and Stage for testing purpose.
  • Multi cloud deployment.
  • Resource schedulers such as Kubernetes , Borg which can schedule containers , Spark etc.

Q4. What is Terraform state file ?

Answer: Terraform state file maintains the status of your infrastructure such as resource which are provisioned or needs to be provisioned. When you run Terraform plan command a JSON structured output is generated (initially empty) and when you deploy all the resources ID and other details come in JSON file .

Q5. What are different format of Terraform configuration file?

Answer: The format of Terraform configuration file is .tf or .tf.json. Some of the example of Terraform configuration file are main.tf, vars.tf, output.tf, terraform.tfvars , provider.tf etc.

Q6. What are Terraform Providers ?

Answer: Terraform Providers are most important part of terraform which allow to connect to remote systems by the help of API’s. There are different Terraform providers such as google provider, terraform aws provider, terraform azure provider , Oracle, MySQL , Postgres etc.

Q7. Name three Terraform provisioners that are used in Terraform ?

Answer: Terraform provisioners: Local exec , Remote exec and File.

Q8. What happens when you run Terraform init ?

Answer: Terraform init allows all the Terraform modules and Terraform providers to initialize with latest version if there are no dependency locks.

Q9. How do you define Terraform provider version ?

Answer:

terraform {
      required_providers {
           aws = "~> 1.0" } 
     }

Q10. How to update Terraform provider version?

Answer:

terraform init --upgrade

Q11. What is the other way to define Terraform provider other than in Terraform Block?

Answer:

provider {
      version  = "1.0" 
           }

Q12. In case you have two Terraform providers with same name but need to deploy resources in different regions, What do you do in that case?

Answer: Use alias to solve this issue.

Q13. How do you format and validate Terraform configuration files?

Answer: Use command terraform fmt and terraform validate

Q14. What is Command to Check the current status of infrastructure applied and how you can list resources from your state file?

Answer: terraform show and terraform state list

Q15. What is difference between local exec and remote exec Terraform provisioners?

Answer: local exec is used to run the commands locally on your system like output on the terminal while running terraform plan command and remote exec is to execute remotely on the resources such as EC2.

Q16. What are the two types of connections used while you use remote exec Terraform provisioner?

Answer: SSH or Winrm

Q17. When does Terraform mark the resources as tainted ?

Answer: When resources are created successfully but fails during provisioning. Terraform represents this by marking the object as “tainted” in the Terraform state, and Terraform will propose to replace it in the next plan you create.

Q18. What happens to tainted resource when you run Terraform Plan next time ?

Answer: Terraform ignores them as they are risking objects and will create or replace new resources instead.

Q19. How to manually taint a resource and does taint modify your infrastructure ?

Answer: You can use terraform taint command followed by resource.id. No, only state file is modified.

Q20. How to By Pass any failure in Terraform apply ?

Answer: You can use on_failure setting. Never continue if you thing this failure can cause issues.

PAPER-2

Q1. What does the version = “~ > 1.0 ” mean ?

Answer: It means any version greater than 1 but less than 2.0

Q2. What is more secure practice in terraform ? Using hard coded credentials or Instance profile ?

Answer: Instance Profile.

Q3. How can you remove resource that failed while terraform apply without affecting entire infrastructure ?

Answer: We can use terraform taint resource.id

Q4. What is Terraform workspace and what is default Terraform workspace name?

Answer: Terraform workspace is used to store the permanent data inside terraform state file in backend and by default there is only one terraform state file and if you would like to have multiple terraform state file associated with one backend then you need workspaces. By default there is only one workspace named as default.

Q5. What is the command to list the Terraform workspaces and create new Terraform workspace. ?

Answer: terraform workspace list and terraform workspace new *new_workspace*

Q6. Can you delete default Terraform workspace ?

Answer: No, you cannot delete default Terraform workspace.

Q7. If you want to create one resource in default Terraform workspace and other five resource in different terraform workspace using count, then how can you achieve this?

Answer: Run the below command

resource "aws_instance" "mymachine" {
     count = "${terraform.workspace == "default"  ? 1 : 5 } "
}

Q8. How can you check a single resource attribute in state file?

Answer: terraform state show ‘resource name’.

Q9. How can you bring state file locally on machine and upload to remote location ?

Answer: terraform state pull – To bring the state file to local machine and terraform state push to manually upload the state file to remote location such as S3 bucket in AWS.

Q10. How to remove items from Terraform state file?

Answer: terraform state rm “packet_device.worker”

Q11. How to move items from Terraform state file?

Answer: To move items within Terraform state file run the below command.

terraform state mv 'module.app' 'module.parent.module.app'

Q12. Where are Terraform modules located ?

Answer: Terraform modules can be stored in repositories such as AWS S3 bucket, GIT, local filesystem or Terraform Registry.

Q13. Where are your Terraform providers located ?

Answer: Within the Terraform registry.

Q14. What is the command to check the current status of infrastructure applied and how you can list resources from your state file?

Answer: terraform show and terraform state list

Q15. How do you download Terraform modules in a file ?

Answer: Using module block containing source and version.

Q16. What are terraform Module ?

Answer: Terraform module contains set of Terraform configuration files in a single directory and allows others to reuse for simplicity and ease.

Q17. What is “${}” know as ?

Answer: “${}” is interpolation that was used with previous versions and still can be used.

Q18. What is default data type in Terraform ?

Answer: String.

Q19. What does .terraform directory contains?

Answer: .terraform directory stores downloaded packages and plugins and Terraform provider details.

Q20. What are Core Terraform commands?

Answer: terraform init ➔ terraform plan ➔ terraform apply

PAPER-3

Q1. How do you protect any Terraform provisioner to fail on terraform apply ?

Answer: By using on_failure settings as shown below.

resource "aws_instance" "web" {
  provisioner "local-exec" {
    command  = "echo The server's IP address is ${self.private_ip}"
    on_failure = "continue" # This will ignore the error and continue with creation or destruction or 
    fail       = It will Raise an Error 
  }
}

Q2. Is it Possible to skip Terraform backend ? If Yes, then how?

Answer: Yes you can skip terraform backend by running below command. command

terraform init -backend=false

Q3. How can you remove Plugin installation while initializing the terraform?

Answer: By running the following commands.

terraform init -get-plugins=false

Q4. What is the use of terraform plan command ?

Answer: Terraform plan command helps in creation of execution plan and determines which actions are necessary to achieve the desired state.

Q5. How can you allow terraform to self approve and deploy the infrastructure ?

Answer: Using below command.

terraform apply -auto-approve

Q6. How can you preview the behavior of terraform destroy command ?

Answer: Use the below command that will inform which resources will be destroyed.

terraform plan -destroy

Q7. How can you save the execution Plan ?

Answer: Save the execution Plan by using below command.

terraform plan -out=tf-plan

Q8. How can you see single attribute in state file?

Answer: By using below command.

terraform state show 'resource name'. 

Q9. How can you get detailed exit code while running plan in Terraform ?

Answer: By adding the -detailed-exitcode in terraform plan command.

terraform plan -detailed-exitcode. 

Q10. If you remove EC2 instance manually from AWS console which was created by terraform. What happens when you run terraform apply command next time? Does terraform recreate it ?

Answer: Yes , it does recreate it as this is already defined in state file.

Q11. What are Terraform backends?

Answer: Terraform backend determines where Terraform state is stored or loaded from. By default it is stored on local machine but you can also give remote backed such as AWS S3 bucket.

Q12. What do you mean by state lock ?

Answer: State lock gets applied as soon as you work on the resource. It helps in corruption of your state file.

Q13. Can you revert from remote backend to Local backend ? If yes then what next needs to be done?

Answer: Yes you can revert from remote backend to local backend by configuring in Terraform configuration file and later running terraform init command.

Q14. What is Command to Sync or reconcile your terraform state file if you modify terraform created resource manually?

Answer: Use Terraform refresh command.

Q15. Can you use output generated from one Terraform module to other Terraform module? If yes how?

Answer: Yes the output generated from one Terraform module can be used in other Terraform module. You can define in module block by specifying the source and version and then use it.

Q16. What is correct approach for declaring meta argument ? a = “${a}” or “${}” = a

Answer: a = “${a}” is correct way to use meta arguments. Now interpolation is used very rarely.

Q17. Name some important Data types in Terraform ?

Answer: String , lists , set, map , tuple , bool, number and object.

Q18. How do you convert built in function from String to number ?

Answer: parseint(“100″,”10”)

Q19. Which built in function evaluates expression and return Boolean result ?

Answer: can function.

Q20. How can you encode built in function to a string using JSON Syntax ?

Answer: jsonencode({“hello”=”America”})

Join 46 other followers

Conclusion

In this ultimate guide(Pass Terraform Certification with top Terraform Interview Questions and Answers), you had a chance to revise everything you needed to pass and crack the Terraform interview.

Now that you have sound knowledge of Terraform, and are ready for your upcoming interview.

Install ELK Stack on Ubuntu: Elasticsearch, Logstash, and Kibana Dashboard.

If you are looking to quickly install ELK Stack, previously known as Elastic stack, then you have come to the right place.

ELK Stack contains mainly four components, i.e., Elasticsearch, Logstash, Kibana Dashboard, Filebeat, and Metricbeat. Combing all these components, it is easier to store, search, analyze, and visualize logs generated from any source in any format.

In this tutorial, you will learn how to install ELK Stack, Elasticsearch, install Logstash, and install Kibana Dashboard on the Ubuntu machine.

Let’s dive in quickly.

Join 46 other followers

Table of Content

  1. Prerequisites
  2. How to Install Elasticsearch on ubuntu
  3. Configuring Elasticsearch on Ubuntu Machine
  4. How to Install Kibana on ubuntu
  5. Viewing Kibana Dashboard on Ubuntu Machine
  6. Verify the Kibana Dashboard
  7. How to Install Logstash
  8. Configuring Logstash with Filebeat
  9. Installing and Configuring Filebeat
  10. Installing and Configuring Metricbeat
  11. Verifying the ELK Stack in the Kibana Dashboard
  12. Conclusion
ELK Stack architecture
ELK Stack architecture

Prerequisites

  • Ubuntu machine preferably 18.04 version + , if you don’t have any machine you can create a ec2 instance on AWS account
  • Recommended to have 4GB RAM, at least 5GB of drive space.
  • Apache installed on the Ubuntu machine that works as a web server and proxy server.

You may incur a small charge for creating an EC2 instance on Amazon Managed Web Service.

How to Install Elasticsearch on ubuntu

Let’s kick off this tutorial by first installing the first component’s ELK stack that is Elasticsearch, but before you install Elasticsearch, you need to have java installed on the machine.

  • Login to Ubuntu machine using your favorite SSH client.
  • First, update your existing list of packages by running the below command.
sudo apt update
  • Now, install java using the apt install command as shown below.
# Installing Java Version: Java SE 11 (LTS)
sudo apt install default-jdk  
Installing Java
Installing Java
  • Next, verify the java version on your machine. As you can see below Java has been succesfully installed on ubuntu machine.
java -version               # To check the Installed Java Version
To check the Installed Java Version
To check the Installed Java Version
  • Further add the GPG key for the official Elastic repository to your system. This key builds the trust of your machine with Elastic official repository and enable access to all the open-source software in the ELK stack.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Adding the GPG key for the official Elastic repository to your system
Adding the GPG key for the official Elastic repository to your system
  • Install below prerequisites softwares so that apt uses packages over https protocol. The apt transport software allow your machine to connect with external respositories to connect over HTTPS or HTTP over TLS.
sudo apt install apt-transport-https ca-certificates curl software-properties-common
Installing softwares
Installing software
  • Now, add the Elastic repository to APT sources so that you can install all the required ELK package.
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee –a /etc/apt/sources.list.d/elastic-7.x.list
  • Next, update the system using the following commands.
sudo apt update
  • Now its time to Install Elasticsearch with the following command:
sudo apt-get install elasticsearch
Install Elasticsearch
Install Elasticsearch

Configuring Elasticsearch on Ubuntu Machine

Now that you have successfully installed Elasticsearch on your ubuntu machine, it is important to configure the hostname and the port in the Elasticsearch configuration file. Let’s do it.

  • Open the Elasticsearch configuration file with below command and uncomment the network.host, http.port parameter.
vi /etc/elasticsearch/elasticsearch.yml
 uncomment the network.host, http.port parameter.
Uncomment the network. Host, http. Port parameter.
  • In the Elasticsearch configuration file update the discovery.type as below.
update the discovery.type
Update the discovery.type
  • Now, start and enable the Elasticsearch service on the ubuntu machine using below commands.
sudo systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service
start and enable the Elasticsearch service
start and enable the Elasticsearch service
 Checking the Elasticsearch service status
Checking the Elasticsearch service status
  • Finally, verify the Elasticsearch installtion by running the curl command on your machine on port 9200.
curl http://127.0.0.1:9200
Verify the Elasticsearch service
Verify the Elasticsearch service

How to Install Kibana on ubuntu

Now that you have successfully installed Elasticsearch and configured it. The next component you need to install in the ELK stack is Kibana and view the kibana dashboard. Let’s install Kibana.

  • Installing kibana is simple and you need to run a single command as shown below.
sudo apt-get install kibana
Installing kibana
Installing kibana

Join 46 other followers
  • Now Kibana is installed succesfully. You will need to make changes in configuration file of Kibana as you did earlier for elasticsearch. To make the configuration changes open the kibana.yml configuration file and uncomment the following lines:
server.port: 5601
server.host: "localhost"
elasticsearch.hosts: ["http://localhost:9200"]
uncomment the kibana port, URL and elasticsearch host
uncomment the kibana port, URL, and elasticsearch host

Kibana works on Port 5061 by default

  • Once the configuration file is updated, start and enable the Kibana service that you recently installed.
sudo systemctl start kibana
sudo systemctl enable kibana
starting and enabling the Kibana service
starting and enabling the Kibana service

Viewing Kibana Dashboard on Ubuntu Machine

Great, now you have elasticsearch running on Port 9200 and Kibana running on Port 5601. Still, to view the Kibana dashboard on the Ubuntu machine, you need to use the Apache server as your proxy server, allowing the Kibana Dashboard to be viewed on Port 80.

Let’s configure apache to run as a proxy server.

  • Create the configuration file named domain.conf in /etc/apache2/sites-available directory and copy/paste the below configuration file.
vi /etc/apache2/sites-available/domain.conf
<VirtualHost *:80>
    ServerName localhost
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyVia Full
    <Proxy *>
        Require all granted
    </Proxy>
    ProxyPass / http://127.0.0.1:5601/
    ProxyPassReverse / http://127.0.0.1:5601/
</VirtualHost>
  • After changing the Apache configuration file run the below commands so that apache works as proxy server.
sudo a2dissite 000-default
sudo a2enmod proxy proxy_http rewrite headers expires
sudo a2ensite domain.conf
sudo service apache2 restart

Verify the Kibana Dashboard

Earlier in the previous section, you installed kibana and configured it to run behind the apache server. Let’s verify by viewing the Kibana dashboard by navigating to the IP address of the server followed by Port 80.

As you can see below, the Kibana dashboard loads successfully.

Kibana dashboard loads successfully.
Kibana dashboard loads successfully.

How to Install Logstash

Logstash is a lightweight, open-source, server-side data processing pipeline that allows you to collect data from various sources, transform it on the fly, and send it to your desired destination. Logstash is a tool that collects data from multiple sources, stores it in Elasticsearch, and is parsed by Kibana.

With that, let’s install the third component used in Elastic Stack. Let’s install Logstash on an Ubuntu machine.

  • Install Logstash by running the following command.
sudo apt-get install logstash
Installing Logstash
Installing Logstash
  • Now start and enable the Logstash by running the systemctl commands.
sudo systemctl start logstash
sudo systemctl enable logstash
Starting and Enabling the Logstash
Starting and Enabling the Logstash
  • Finally verify the Logstash by running the below command.
sudo systemctl status logstash
Verifying the Logstash
Verifying the Logstash

Configuring Logstash with Filebeat

Awesome, now you have Logstash installed. You will configure beats in the Logstash; although beats can send the data directly to the Elasticsearch database, it is good to use Logstash to process the data. Let’s configure beats in the Logstash with the below steps.

  • Create a file named logstash.conf and copy/paste the below data that allows you to set up Filebeat input .
# Specify the incoming logs from the beats in Logstash over Port 5044

input {
  beats {
    port => 5044
  }
}

# By filter syslog messages are sent to Elasticsearch

filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

# Specify output will push logstash logs to an Elastisearch instance

output {
  elasticsearch { hosts => ["localhost:9200"]
    hosts => "localhost:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

  • Now test your Logstash configuration with below command. If you see Configuration OK message then the setup is properly done.
sudo -u logstash /usr/share/logstash/bin/logstash --path.settings /etc/logstash -t
test your Logstash configuration
Test your Logstash configuration
  • Finally start and enable Logstash with below command.
sudo systemctl start logstash
sudo systemctl enable logstash

Installing and Configuring Filebeat

The Elastic Stack uses lightweight data shippers called beats ( such as Filebeat, Metricbeat ) to collect data from various sources and transport them to Logstash or Elasticsearch. You will learn to install and configure Filebeat on an Ubuntu machine that will be used to push data in Logstash and further to Kibana.

  • Install Filebeat on ubuntu machine using following commnads.
sudo apt install filebeat
Installing the Filebeat
Installing the Filebeat
  • Next, edit the Filebeat configuration file so that filebeat is able to connect to Logstash. Uncomment the output.logstash and hosts: [“localhost:5044”] and comment the output.elasticsearch: and hosts: [“localhost:9200”].
vi /etc/filebeat/filebeat.yml
Uncomment the output.logstash and hosts: ["localhost:5044"]
Uncomment the output.logstash and hosts: [“localhost:5044”]
comment the output.elasticsearch: and hosts: ["localhost:9200"]
comment the output.elasticsearch: and hosts: [“localhost:9200”]
  • Next enable the filebeat with below command.
sudo filebeat modules enable system
sudo filebeat setup --pipelines --modules system
Enabling the filebeat
Enabling the filebeat
  • Now, Load the index template from the Filebeat into Logstash by running the below command. Index template are collection of documents that have similar characteristics.
sudo filebeat setup --template -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["localhost:9200"]'
Load the index template from the Filebeat into Logstash
Load the index template from the Filebeat into Logstash
  • Also run the below command so that Logstash can further push to Elasticsearch.
sudo filebeat setup -e -E output.logstash.enabled=false -E output.elasticsearch.hosts=['localhost:9200'] -E setup.kibana.host=localhost:5601
Logstash can further push to Elasticsearch
Logstash can further push to Elasticsearch
  • Now you can start and enable Filebeat.
sudo systemctl start filebeat
sudo systemctl enable filebeat
start and enable Filebeat

Installing and Configuring Metricbeat

Previously you learned to install and configure Filebeat, but this time you will learn to install and configure Metricbeat. Metricbeat is a lightweight shipper that you can install on your servers to periodically collect metrics from the operating system and from services running on the server.

  • To download and install Metricbeat, open a terminal window and use the commands that work with your system:
curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.16.3-amd64.deb
sudo dpkg -i metricbeat-7.16.3-amd64.deb
  • From the Metricbeat install directory, enable the system module:
sudo metricbeat modules enable system
  • Set up the initial environment for Metricbeat and Start Metricbeat by running the following commands.
sudo metricbeat setup -e
sudo service metricbeat start

Verifying the ELK Stack in the Kibana Dashboard

Now that you have your ELK Elastic Stack set up completely. Filebeat and Metricbeat will begin pushing the Syslog and authorization logs to Logstash, then load that data into Elasticsearch. To verify if Elasticsearch is receiving the data, query the index with the below command.

 curl -XGET http://localhost:9200/_cat/indices?v
  • As you can see below the request is successful, that means the data that was pushed by filebeat is successfully stored in elasticsearch.
Filebeat and Metricbeat pushing the data in ELasticsearch
Filebeat and Metricbeat pushing the data in ELasticsearch
Kibana Dashboard with beats configured
Kibana Dashboard with beats configured
Logs from Metricbeat in Kibana Dashboard.
Logs from Metricbeat in Kibana Dashboard.

Join 46 other followers

Conclusion

In this tutorial, you learned how to install ELK Stack, including installing components, i.e., Elasticsearch, Logstash, Kibana Dashboard, Filebeat, and Metricbeat on the Ubuntu machine.

Now that you have a strong understanding of ELK Stack and all the components, which application do you plan to monitor next?

Learn Terraform: The Ultimate terraform tutorial [PART-2]

In the previous; Learn Terraform: The Ultimate terraform tutorial [PART-1], you got a jump start into Terraform world; why not gain a more advanced level of knowledge of Terraform that you need to become a terraform pro.

In this Learn Terraform: The Ultimate terraform tutorial [PART-2] guide, you will learn more advanced level of Terraform concepts such as terraform lifecycle, terraform function, terraform modules, terraform provisioners, terraform init, terraform plan, terraform apply commands and many more.

Without further delay, let’s get into it.

Join 46 other followers

Table of Content

  1. What are Terraform modules?
  2. Terraform provisioner
  3. Terraform Lifecycle
  4. Terraform jsonencode example with Terraform json
  5. Terraform locals
  6. Terraform conditional expression
  7. Terraform dynamic block conditional
  8. Terraform functions
  9. Terraform can function
  10. Terraform try function
  11. Terraform templatefile function
  12. Terraform data source
  13. Terraform State file
  14. Terraform backend [terraform backend s3]
  15. Terraform Command Line or Terraform CLI
  16. Quick Glance of Terraform CLI Commands
  17. Terraform ec2 instance example (terraform aws ec2)

What are Terraform modules?

Terraform modules contain the terraform configuration files that may be managing a single resource or group of resources. For example, if you are managing a single resource in the single terraform configuration file that is also a Terraform module, or if you wish to manage multiple resources defined different files and later clubbed together in a single file, that is also known as Terraform modules or a root module.

A Terraform root module can have multiple individual child modules, data blocks, resources blocks, and so on. To call a child module, you will need to explicitly define the location of the child module using the source argument as shown below.

  • In the below code the location of module EFS is one directory behind the current directory, so you defined the local Path as ./modules/EFS
module "efs" {                            # Module and Label is efs
  source               = "./modules/EFS"  # Define the Path of Child Module                             
  subnets              = var.subnet_ids
  efs_file_system_name = var.efs_file_system_name
  security_groups      = [module.SG.efs_sg_id]
  role_arn             = var.role_arn
}
  • In some cases the modules are stored in Terraform Registry, GitHub, Bitbucket, Mercurial Repo, S3 bucket etc and to use these repsoitories as your source you need to declare as shown below.
module "mymodule1" {                              # Local Path located  Module
  source = "./consul"
}

module "mymodule2" {                              # Terraform Registry located Module
  source = ".hasicorp/consul/aws"
  version = "0.1.0"
}

module "mymodule3" {                              # GIT located  Module
  source = "github.com/automateinfra/"
}

module "mymodule4" {                              # Mercurial located  Module
  source = "hg::https://automateinfra.com/vpc.hg"
}

module "mymodule5" {                               # S3 Bucket located  Module
  source = "s3::https://s3-eu-west-1.amazonaws.com/vpc.zip"
}
The diagram displaying the root module ( module1 and module2) containing the child modules such as (ec2, rds, s3 etc)
The diagram displaying the root module ( module1 and module2) containing the child modules such as (ec2, rds, s3, etc.)

Terraform provisioner

Do you know what Terraform allows you to perform an action on your local machine or remote machine such as running a command on the local machine, copying files from local to remote machines or vice versa, Passing data into virtual machines, etc. all this can be done by using Terraform provisioner?

Terraform provisioners allow to pass data in any resource that cannot be passed when creating resources. Multiple terraform provisioners can be specified within a resource block and executed in the order they’re defined in the configuration file.

The terraform provisioners interact with remote servers over SSH or WinRM. Most cloud computing platforms provide mechanisms to pass data to instances at the time of their creation such that the data is immediately available on system boot. Still, you can pass the data with Terraform provisioners even after creating the resource.

Terraform provisioners allows you to declare conditions such as when = destroy , on_failure = continue and If you wish to run terraform provisioners that aren’t directly associated with a specific resource, use null_resource.

Let’s look at the example below to declare multiple terraform provisioners.

  • Below code creates two resources where resource1 create an AWS EC2 instance and other work with Terraform provisioner and performs action on the AWS EC2 instance such as copying apache installation instrution from local machine to remote machine and then using file installing apache on the AWS EC2 instance.

resource "aws_instance" "resource1" {
  instance_type = "t2.micro"
  ami           = "ami-9876"
  timeouts {                     # Customize your operations longevity
   create = "60m"
   delete = "2h"
   }
}

resource "aws_instance" "resource2" {

  provisioner "local-exec" {
    command = "echo 'Automateinfra.com' >text.txt"
  }
  provisioner "file" {
    source      = "text.txt"
    destination = "/tmp/text.txt"
  }
  provisioner "remote-exec" {
    inline = [
      "apt install apache2 -f /tmp/text.txt",
    ]
  }
}

Join 46 other followers

Terraform Lifecycle

Terraform lifecycle defines the behavior of resources how they should be treated, such as ignoring changes to tags, preventing destroy the infrastructure.

There are mainly three arguments that you can declare within the Terraform lifecycle such as :

  1. create_before_destroy: By default Terraform destroys the existing object and then create a new replacement object but with create_before_destroy argument within terraform lifecycle the new replacement object is created first, and then the legacy or prior object is destroyed.
  2. prevent_destroy: Terraform skips the destruction of the existing object if you declare prevent_destroy within the terraform lifecycle.
  3. ignores-changes: When you execute Terraform commands if there are any differences or changes required in the infrastructure terraform by default informs you however if you need to ignores the changes, then consider using ignore_changes inside the terraform lifecycle.
  • In the below code aws_instance will ignore any tag changes for the instance and for azurerm_resource_group new resource group is created first and then destroyed once the new replacement is ready.
resource "aws_instance" "automate" {
  lifecycle {
    ignore_changes = [
      tags,
    ]
  }
}

resource "azurerm_resource_group" "automate" {
  lifecycle {
    create_before_destroy = true
  }
}

Terraform jsonencode example with Terraform json

If you need to encode Json files in your terraform code, consider using terraform jsonencode function. This is a quick section about terraform jsonencode, so let’s look at a basic Terraform jsonencode example with Terraform json.

  • The below code creates an IAM role policy in which you are defining the policy statement in json format.
resource "aws_iam_role_policy" "example" {
  name   = "example"
  role   = aws_iam_role.example.name
  policy = jsonencode({
    "Statement" = [{
      # This policy allows software running on the EC2 instance to access the S3 API
      "Action" = "s3:*",
      "Effect" = "Allow",
    }],
  })
}

Terraform locals

Terraform locals are the values that are declared once but can be referred to multiple times in the resource or module block without repeating it.

Terraform locals helps you to decrease the number of code lines and reduce the repetitive code.

locals {                                         # Declaring the set of related locals in a single block
  instance = "t2.micro"
  name     = "myinstance"
}

locals {                                         # Using the Local values 
 common_tags {
  instance_type  = local.instance
  instance_name  = local.name
   }
}

resource "aws_instance" "instance1" {            # Using the newly created Local values
  tags = local.common_tags
}

resource "aws_instance" "instance2" {             # Using the newly created Local values
  tags = local.common_tags
}

Terraform conditional expression

There is multiple time when you will encounter using conditional expressions in Terraform. Let’s look at some important terraform conditional expression examples below, which will forever help you using Terraform. Let’s get into it.

  • Below are examples on how to retrieve outputs with different conditions.
aws_instance.myinstance.id      # This will provide you a result with Ec2 Instance details.
aws_instance.myinstance[0].id   # This will provide you a result with first Ec2 Instance details.
aws_instance.myinstance[1].id   # This will provide you a result with second Ec2 Instance details
aws_instance.myinstance.*id     # This will provide you a result with all Ec2 Instance details
  • Now, let us see few complex examples where different conditions are applied to retrieve outputs.
[for value in aws_instance.myinstance:value.id]    # Returns all instance values by their ids.
var.a != "auto" ? var.a : "default-a"              # if var.a is auto then use var.a else default-a
[for a in var.list : a.instance[0].name]           # var.list[*].instance[0].name
[for a in var.list: upper(a)]                      # iterates over each item in var.list and lists upper case 
[for a in var.list : a => upper(a)]     # list original objects and corresponding upper case [("a","A"),("c","C")]                                                         


Terraform dynamic block conditional

Terraform dynamic block conditional is used when resource or module block cannot accept the static value of the argument and instead depend on separate objects that are related to, embedded within the other block or outputs.

For example application = "${aws_elastic_beanstalk_application.tftest.name}" .

Also, while creating any resource in the module, you are not allowed to provide the arguments multiple times, such as name and value, so in that case, you can use dynamic settings. Below is a basic example of a dynamic setting.

resource "aws_elastic_beanstalk_environment" "tfenvtest" {
  name                = "tf-test-name"
  application         = "${aws_elastic_beanstalk_application.tftest.name}"
  solution_stack_name = "64bit Amazon Linux 2018.03 v2.11.4 running Go 1.12.6"

  dynamic "setting" {
    for_each = var.settings
    content {
      namespace = setting.value["namespace"]
      name = setting.value["name"]
      value = setting.value["value"]
    }
  }
}

Terraform functions

The Terraform includes multiple terraform functions, also known as built-in functions that you can call from within expressions to transform and combine values. The syntax for function calls is a function name followed by comma-separated arguments in parentheses: min, join, element, jsonencode, etc.

min(2,3,4)                                 # The output of this function is 2

join("","","hello", "Automate", "infra")   # The output of this function is hello, Automate , infra

element(["a", "b", "c"], length(["a", "b", "c"])-1)   # The output of this function is c

lookup({a="ay", b="bee"}, "c", "unknown?")          # The output of this function is unknown

jsonencode({"hello"="Automate"})          # The output of this function is {"hello":"Automate"}

jsondecode("{\"hello\": \"Automate\"}")   # The output of this function is { "hello"="Automate"}                                                           
                                                                 

Terraform can function

Terraform can evaluate the given expression or condition and accordingly returns a boolean value (true if the expression is valid, else false if the result has any errors. This special function can catch errors produced when evaluating its argument.

local.instance {
  myinstance1 = "t2.micro"
  myinstance2 = "t2.medium"
}

can(local.instance.myinstance1) #  This is True
can(local.instance.myinstance3) #  This is False

variable "time" {
  validation {
     condition  = can(formatdate("","var.time"))   # Checking the 2nd argument
  }
}


Terraform try function

Terraform try function evaluates all of its argument expressions in turn and returns the result of the first one that does not produce any errors.

As you can check below, the terraform try function checks the expression and returns the first correct option, t2.micro, in the first and second options in the second case.

local.instance {
  myinstance1 = "t2.micro"
  myinstance2 = "t2.medium"
}

try(local.instance.myinstance1, "second-option") # This is available in local so output is t2.micro
try(local.instance.myinstance3, "second-option") # This is not available in local so output is second-option

Terraform templatefile function

The Terraform templatefile function reads the file at a given directory or path and renders the content present in the file as a template using the template variable.

Syntax: templatefile(path,vars)
  • Lets understand the example of Terraform templatefile function with Lists. Given below is the backend.tpl template file with below content. When you execute the templatefile() function it renders the backend.tpl and assigns the address and port to the backend argument.
# backend.tpl

%{for addr in ipaddr ~}      # Condition via Directive
backend ${addr}:${port}      # Prints this      
%{end for ~}                 # Condition via Directive

templatefile("${path.module}/backend.tpl, { port = 8080 , ipaddr =["1.1.1.1","2.2.2.2"]})

backend 1.1.1.1:8080
backend 2.2.2.2:8080
  • Lets checkout another example of Terraform templatefile function but this time with maps. When you execute the templatefile() function it renders the backend.tpl and assigns the value of set with each config mentioned in the templatefile (a=automate and i=infra).
# backend.tmpl

%{ for key,value in config }
set ${key} = ${value}
%{ endfor ~}

  • Execute the function
templatefile("${path.module}/backend.tmpl,
     { 
        config = {
              "a" = "automate"
              "i" = "infra"
           } 
      })

set a = automate
set i = infra

Terraform data source

Terraform data source allows you to fetch the data defined outside of Terraform, defined by another separate Terraform configuration, or modified by functions. After fetching the data, Terraform data source can use it as input and apply it to other resources.

Let’s learn with a basic example. In the below code, you will notice that using data it is fetching the instance details with a provided instance_id.

data "aws_instance" "my-machine1" {          # Fetching the instance
  instance_id = "i-0a0269cf952a02832"
  }

Terraform State file

The main function of the Terraform state file is to store the terraform state, which contains bindings between objects in remote systems and is defined in your Terraform configuration files. Terraform State file is by default stored locally on your machine where you run the Terraform commands with the name of terraform.tfstate.

The Terraform state is stored in JSON formats. When you run terraform show or terraform output command, it fetches the output in JSON format from the Terraform state file. Also, you can import existing infrastructure which you have created by other means such as manually or using scripts within Terraform state file.

When you are an individual, it is ok to keep the Terraform state file in your local machine but when you work in a team, consider storing it in a repository such as AWS S3, etc. While you write anything on the resource that is Terraform configuration file, then the Terraform state file gets Locked, which prevents someone else from using it simultaneously and avoids it being corrupted.

You can store your remote state file in S3, Terraform Cloud, Hasicorp consul, Google cloud storage, Azure blob storage, etc.

Join 46 other followers

Terraform backend [terraform backend s3]

Terraform backend is a location where terraform state file resides. The Terraform state file contains all the resource details and tracking which were provisioned or will be provisioned with Terraform, such as terraform plan or terraform apply command.

There are two types of Backend; one is local that resides where you run terraform from it could be Linux machine, windows machine or wherever you run it from, and other is remote backend which could be SAAS based URL or storage location such as AWS S3 bucket.

Let’s take a look at how you can configure local backend or remote backend with terraform backend s3

# Local Backend
# whenever statefile is created or updates it is stored in local machine.

terraform {
  backend "local" {
    path = "relative/path/to/terraform.tfstate"
  }
}

# Configuring Terraform to use the remote terraform backend s3.
# whenever statefile is created or updates it is stored in AWS S3 bucket. 

terraform {
  backend "s3" {
    bucket = "mybucket"
    key    = "path/to/my/key"
    region = "us-east-2"
  }
}

Terraform Command Line or Terraform CLI

The Terraform command-line interface or Terraform CLI can be used via terraform command, which accepts a variety of subcommands such as terraform init or terraform plan. Below is the list of all of the supported subcommands.

  • terraform init: It initializes the provider, module version requirements, and backend configurations.
  • terraform init -input=true ➔ You can need to provide the inputs on the command line else terraform will fail.
  • terraform init -lock=false ➔ Disable lock of terraform state file but this is not recommended
  • terraform init -upgrade ➔ Upgrades Terraform modules and Terraform plugins
  • terraform plan: terraform plan command determines the state of all resources and compares them with real or existing infrastructure. It uses terraform state file data to compare and provider API to check.
  • terraform plan -compact-warnings ➔ Provides the summary of warnings
  • terraform plan -out=path ➔ Saves the execution plan on the specific directory.
  • terraform plan -var-file= abc.tfvars ➔ To use specfic terraform.tfvars specified in the directory.
  • terraform apply: To apply the changes in a specific cloud such as AWS or Azure.
  • terraform apply -backup=path ➔ To backup the Terraform state file
  • terraform apply -lock=true ➔ Locks the state file
  • terraform apply -state=path ➔ prompts to provide the path to save the state file or use it for later runs.
  • terraform apply -var-file= abc.tfvars ➔ Enter the specific terraform.tfvars which contains environment-wise variables.
  • terraform apply -auto-approve ➔ This command will not prompt to approve the apply command.
  • terraform destroy: It will destroy terraform-managed infrastructure or the existing enviornment created by Terraform.
  • terraform destroy -auto-approve ➔ This command will not prompt to approve the destroy command.
  • terraform console: Provides interactive console to evaluate the expressions such as join command or split command.
  • terraform console -state=path ➔ Path to local state file
  • terraform fmt: terraform fmt command formats the configuration files in the proper format.
  • terraform fmt -check ➔ Checks the input format
  • terraform fmt – recursive ➔ It formats Terraform configuration files stored in subdirectories.
  • terraform fmt – diff ➔ displays the difference between the current and previous formats.
  • terraform validate -json ➔ Output is in json format
  • terraform graph: terraform graph generates a visual representation of the execution plan in graph form.
  • terraform graph -draw-cycles
  • terraform graph -type=plan
  • terraform output: terraform output command extracts the values of an output variable from the state file.
  • terraform output -json
  • terraform output -state=path
  • terraform state list: It lists all the resources present in the state file created or imported by Terraform.
  • terraform state list – id=id ➔ This command will search for a particular resource using resource id in Terraform state file.
  • terraform state list -state=path ➔ This command will prompt you to provide the path of the state file and then provides the list of all resources in terraform state file.
  • terraform state show: It shows attributes of specific resources.
  • terraform state show -state=path ➔ This command will prompt you to provide the path and then provide the attributes of specific resources.
  • terraform import: This command will import existing resources from infrastructure which was not created using terraform but will be imported in terraform state file and will be included in Terraform next time we run it.
  • terraform refresh: It will reconcile the Terraform state file. Whatever resource you created using terraform and if they are manually or by any means modified, the refresh will sync them in the state file.
  • terraform state rm: This command will remove the resources from the Terraform state file without actually removing the existing resources.
  • terraform state mv: This command moves the resources within the Terraform state file from one location to another
  • terraform state pull: This command will manually download the Terraform state file from a remote state in your local machine.

Quick Glance of Terraform CLI Commands

Initialize ProvisionModify ConfigCheck infraManipulate State
terraform initterraform planterraform fmtterraform graphterraform state list
terraform getterraform applyterraform validateterraform outputterraform state show
terraform destroyterraform consoleterraform state show terraform state mv/rm
terraform state listterraform state pull/push
Terraform CLI commands

Terraform ec2 instance example (terraform aws ec2)

Let’s wrap up this ultimate guide with a basic Terraform ec2 instance example or terraform aws ec2.

  • Assuming you already have Terraform installed on your machine.
  • First create a folder of your choice in any directory and a file named main.tf inside it and copy/paste the below content.
# This is main.tf terraform file.

resource "aws_instance" "my-machine" {
  ami = "ami-0a91cd140a1fc148a"
  for_each  = {
      key1 = "t2.micro"
	  key2 = "t2.medium"
   }
    instance_type      = each.value
	key_name       = each.key
    tags =  {
	   Name  = each.value
	}
}

resource "aws_iam_user" "accounts" {
  for_each = toset( ["Account11", "Account12", "Account13", "Account14"] )
  name     = each.key
}

  • Create another file vars.tf inside the same folder and copy/paste the below content.

#  This is var.tf terraform file.

variable "tag_ec2" {
  type = list(string)
  default = ["ec21a","ec21b"]
}
  • Finally, create another file output.tf again in the same folder and copy/paste the below content.
# This is  output.tf terraform file

output "aws_instance" {
   value = "${aws_instance.my-machine.*.id}"
}
output "aws_iam_user" {
   value = "${aws_iam_user.accounts.*.name}"
}


Make sure your machine has Terraform role attached or Terraform credentials configured properly before you run the below Terraform commands.

terraform -version  # It gives Terraform Version information
Finding Terraform version
Finding Terraform version
  • Now Initialize the terraform by running the terraform init command in same working directory where you have all the above terraform configuration files.
terraform init   # To initialize the terraform 
Initializing the terraform using terraform init command
Initializing the terraform using terraform init command
  • Next run the terraform plan command. This command provides the blueprint of what all resources will be deployed before deploying actually.
terraform plan   
Running the terraform plan command
Running the terraform plan command
terraform validate   # To validate all terraform configuration files.
Running the terraform validate command
Running the terraform validate command
  • Now run the Terraform show command provides the human readable output of state file that gets generated only after terraform plan command.
terraform show   # To provide human-readable output from a state or plan file.
Running the terraform show command
Running the terraform show command
  • To list all resources within terraform state file run the terraform state list command.
terraform state list 
Running the terraform state list command
Running the terraform state list command
terraform apply  # To Actually apply the resources 
Running the terraform apply command
Running the terraform apply command
  • To provide graphical view of all resources in configuration files run terraform graph command.
terraform graph  
Running the terraform graph command
Running the terraform graph command
  • To Destroy the resources that are provisioned using Terraform run Terraform destroy command.
terraform destroy   # Destroys all your resources or the one which you specified 
Running the terraform destroy command
Running the terraform destroy command

Join 46 other followers

Conclusion

Now that you have learned everything you should know about Terraform, you are sure going to be the Terraform leader in your upcoming projects or team or organizations.

So with that, what are you planning to automate using Terraform in your next adventure?

Learn Terraform: The Ultimate terraform tutorial [PART-1]

If you are looking to learn to terraform, then you are in the right place; this Learn Terraform: The Ultimate terraform tutorial guide will simply help you to gain complete knowledge that you need from basics to becoming a terraform pro.

Terraform infrastructure as a code tool to build and change the infrastructure effectively and simpler way. With Terraform, you can work with various cloud providers such as Amazon AWS, Oracle, Microsoft Azure, Google Cloud, and many more.

Let’s get started with Learn Terraform: The Ultimate terraform tutorial without further delay.

Join 46 other followers

Table of Content

  1. Prerequisites
  2. What is terraform?
  3. Terraform files and Terraform directory structure
  4. How to declare Terraform variables
  5. How to declare Terraform Output Variables
  6. How to declare Terraform resource block
  7. Declaring Terraform resource block in HCL format.
  8. Declaring Terraform resource block in terraform JSON format.
  9. Declaring Terraform depends_on
  10. Using Terraform count meta argument
  11. Terraform for_each module
  12. Terraform provider
  13. Defining multiple aws providers terraform
  14. Conclusion

Prerequisites

What is terraform?

Let’s kick off this tutorial with What is Terraform? Terraform is a tool for building, versioning, and updating the infrastructure. It is written in GO Language, and the syntax language of Terraform configuration files is HCL, i.e., HashiCorp Configuration Language, which is way easier than YAML or JSON.

Terraform has been in use for quite a while now and has several key features that make this tool more powerful such as

  • Infrastructure as a code: Terraform execution and configuration files are written in Infrastructure as a code language which comes under High-level language that is easy to understand by humans.
  • Execution Plan: Terraform provides you in depth details of execution plan such as what terraform will provision before deploying the actual code and resources it will create.
  • Resource Graph: Graph is an easier way to identify and manage the resource and quick to understand.

Terraform files and Terraform directory structure

Now that you have a basic idea of Terraform and some key features of Terraform. Let’s now dive into Terraform files and Terraform directory structure that will help you write the Terraform configuration files later in this tutorial.

Terraform code, that is, Terraform configuration files, are written in a tree-like structure to ease the overall understanding of code with .tf format or .tf.json or .tfvars format. These configuration files are placed inside the Terraform modules.

Terraform modules are on the top level in the hierarchy where configuration files reside. Terraform modules can further call another child to terraform modules from local directories or anywhere in disk or Terraform Registry.

Terraform modules folder structure
Terraform modules folder structure

Terraform contains mainly five files as main.tf , vars.tf , providers.tf , output.tf and terraform.tfvars.

  1. main.tf – Terraform main.tf file contains the main code where you define which resources you need to build, update or manage.
  2. vars.tf – Terraform vars.tf file contains the input variables which are customizable and defined inside the main.tf configuration file.
  3. output.tf : The Terraform output.tf file is the file where you declare what output paraeters you wish to fetch after Terraform has been executed that is after terraform apply command.
  4. .terraform: This directory contains cached provider , modules plugins and also contains the last known backend configuration. This is managed by terraform and created after you run terraform init command.
  5. terraform.tfvars files contains the values which are required to be passed for variables that are refered in main.tf and actually decalred in vars.tf file.
  6. providers.tf – The povider.tf is the most important file whrere you define your terraform providers such as terraform aws provider, terraform azure provider etc to authenticate with the cloud provider.

How to declare Terraform variables

In the previous section, you learned Terraform files and Terraform directory structure. Moving further, it is important to learn how to declare Terraform variables in Terraform configuration file (var. tf)

Declaring the variables allows you to share modules across different Terraform configurations, making your module reusable. There are different types of variables used in Terraform, such as boolean, list, string, maps, etc. Let’s see how different types of terraform variables are declared.

  • Each input variable in the module must be declared using a variable block as shown below.
  • The label after the variable keyword is a name for the variable, which should be unique within the same module
  • The following arguments can be used within the variable block:
    • default – A default value allows you to decalre the value in this block only and makes the variable optional.
    • type – This argument declares the value types.
    • description – You can provide the description of the input variable’s.
    • validation -To define validation rules if any.
    • sensitive – If you specify the value as senstive then terraform will not print the values in while executing.
    • nullable – Specify null if you dont need any value for the variable.
variable "variable1" {                        
  type        = bool
  default     = false
  description = "boolean type variable"
}

variable  "variable2" {                       
   type    = map
   default = {
      us-east-1 = "image-1"
      us-east-2 = "image2"
    }

   description = "map type  variable"
}

variable "variable3" {                   
  type    = list(string)
  default = []
  description = "list type variable"
}

variable "variable4" {
  type    = string
  default = "hello"
  description = "String type variable"
}                        

variable "variable5" {                        
 type =  list(object({
  instancetype        = string
  minsize             = number
  maxsize             = number
  private_subnets     = list(string)
  elb_private_subnets = list(string)
            }))

 description = "List(Object) type variable"
}


variable "variable6" {                      
 type = map(object({
  instancetype        = string
  minsize             = number
  maxsize             = number
  private_subnets     = list(string)
  elb_private_subnets = list(string)
  }))
 description = "Map(object) type variable"
}


variable "variable7" {
  validation {
 # Condition 1 - Checks Length upto 4 char and Later
    condition = "length(var.image_id) > 4 && substring(var.image_id,0,4) == "ami-"
    condition = can(regex("^ami-",var.image_id)    
# Condition 2 - It checks Regular Expression and if any error it prints in terraform error_message =" Wrong Value" 
  }

  type = string
  description = "string type variable containing conditions"
}

Terraform variables follows below higher to the lower priority order.

  1. Specifying the environment variables like export TF_VAR_id='["id1","id2"]''
  2. Specifying the variables in the teraform.tfvars file
  3. Specifying the variables in theterraform.tfvars.json file
  4. Specifying the variables in the *.auto.tfvars or *.auto.tfvars.json file
  5. Specifying the variables on the command line with -var and -var-file options

How to declare Terraform Output Variables

In the previous section, you learned how to use terraform variables in the Terraform configuration file. As learned earlier, modules contain one more important file: outputs. tf that contains terraform output variables.

  • In the below output.tf file the you can see there are two different terraform output variables named:
  • output1 that will store and display the arn of instance after running terraform apply command.
  • output2 that will store and display the public ip address of the instance after running terraform apply command.
  • output3 that will store but doesnt display the private ip address of the instance after running terraform apply command using sensitive argument.
# Output variable which will store the arn of instance and display after terraform apply command.

output "output1" {
  value = aws_instance.my-machine.arn
}

# Output variable which will store instance public IP and display after terraform apply command
 
output "output2" {
  value       = aws_instance.my-machine.public_ip
  description = "The public IP address of the instance."
}

output "output3" {
  value = aws_instance.server.private_ip
# Using sensitive to prevent Terraform from showing the ouput values in terrafom plan and apply command.  
  senstive = true                             
}

How to declare Terraform resource block

You are going great in learning the terraform configuration file, but do you know your modules contain one more important main file.tf file, which allows you to manage, create, update resources with Terraform, such as creating AWS VPC, etc., and to manage the resource, you need to define them in terraform resource block.

# Below Code is a resource block in Terraform

resource "aws _vpc" "main" {    # <BLOCK TYPE> "<BLOCK LABEL>" "<BLOCK LABEL>" {
cidr_block = var.block          # <IDENTIFIER> =  <EXPRESSION>  #Argument (assigns value to name)
}                             

Declaring Terraform resource block in HCL format.

Now that you have an idea about the syntax of terraform resource block let’s check out an example where you will see resource creation using Terraform configuration file in HCL format.

  • Below code creates two resources where resource1 create an AWS ec2 instance and other work with Terraform provisioner and install apache on ec2 instance. Timeouts customizes how long certain operations are allowed.

There are some special arguments that can be used with resources such as depends_on, count, lifecycle, for_each and provider, and lastly provisioners.

resource "aws_instance" "resource1" {
  instance_type = "t2.micro"
  ami           = "ami-9876"
  timeouts {                          # Customize your operations longevity
   create = "60m"
   delete = "2h"
   }
}

resource "aws_instance" "resource2" {
  provisioner "local-exec" {
    command = "echo 'Automateinfra.com' >text.txt"
  }
  provisioner "file" {
    source      = "text.txt"
    destination = "/tmp/text.txt"
  }
  provisioner "remote-exec" {
    inline = [
      "apt install apache2 -f /tmp/text.txt",
    ]
  }
}

Declaring Terraform resource block in terraform JSON format.

Terraform language can also be expressed in terraform JSON syntax, which is harder for humans to read and edit but easier to generate and parse programmatically, as shown below.

  • Below example is same which you previously created using HCL configuration but this time it is using terraform JSON syntax. Here also code creates two resources resource1 → AWS EC2 instance and other resource work with Terraform provisioner to install apache on ec2 instance.
{
  "resource": {
    "aws_instance": {
      "resource1": {
        "instance_type": "t2.micro",
        "ami": "ami-9876"
      }
    }
  }
}


{
  "resource": {
    "aws_instance": {
      "resource2": {
        "provisioner": [
          {
            "local-exec": {
              "command": "echo 'Automateinfra.com' >text.txt"
            }
          },
          {
            "file": {
              "source": "example.txt",
              "destination": "/tmp/text.txt"
            }
          },
          {
            "remote-exec": {
              "inline": ["apt install apache2 -f tmp/text.txt"]
            }
          }
        ]
      }
    }
  }
}

Declaring Terraform depends_on

Now that you learned how to declare Terraform resource block in HCL format but within the resource block, as discussed earlier, you can declare special arguments such as depends_on. Let’s learn how to use terraform depends_on meta argument.

Use the depends_on meta-argument to handle hidden resource or module dependencies that Terraform can’t automatically handle.

  • In the below example while creating a resource aws_rds_cluster you need the information about the aws_db_subnet_group so aws_rds_cluster is dependent and in order to specify the dependency you need to declare depends_on meta argument within aws_rds_cluster.
resource "aws_db_subnet_group" "dbsubg" {
    name = "${var.dbsubg}" 
    subnet_ids = "${var.subnet_ids}"
    tags = "${var.tag-dbsubnetgroup}"
}

# Component 4 - DB Cluster and DB Instance

resource "aws_rds_cluster" "main" {
  depends_on                   = [aws_db_subnet_group.dbsubg]  
  # This RDS cluster is dependent on Subnet Group

Join 46 other followers

Using Terraform count meta argument

Another special argument is Terraform count. By default, terraform create a single resource defined in Terraform resource block. But at times, you want to manage multiple objects of the same kind, such as creating four AWS EC2 instances of the same type in the AWS cloud without writing a separate block for each instance. Let’s learn how to use Terraform count meta argument.

  • In the below code terraform will create 4 instance of t2.micro type with (ami-0742a572c2ce45ebf) ami as shown below.
resource "aws_instance" "my-machine" {
  count = 4 
  
  ami = "ami-0742a572c2ce45ebf"
  instance_type = "t2.micro"
  tags = {
    Name = "my-machine-${count.index}"
         }
}
Using Terraform count to create four ec2 instance
Using Terraform count to create four ec2 instance
  • Similarly in the below code terraform will create 4 AWS IAM users named user1, user2, user3 and user4.
resource "aws_iam_user" "users" {
  count = length(var.user_name)
  name = var.user_name[count.index]
}

variable "user_name" {
  type = list(string)
  default = ["user1","user2","user3","user4"]
}
Using Terraform count to create four IAM user
Using Terraform count to create four IAM user

Terraform for_each module

Earlier in the previous section, you learned to terraform count is used to create multiple resources with the same characteristics. If you need to create multiple resources in one go but with certain parameters, then terraform for_each module is for you.

The for_each meta-argument accepts a map or a set of strings and creates an instance for each item in that map or set. Let’s look at the example below to better understand terraform for_each.

Example-1 Terraform for_each module

  • In the below example, you will notice for_each contains two keys (key1 and key2) and two values (t2.micro and t2.medium) inside the for each loop. When the code is executed then for each loop will create:
    • One instance with key as “key1” and instance type as “t2.micro”
    • Another instance with key as “key2” and instance type as “t2.medium”.
  • Also below code will create different account with names such as account1, account2, account3 and account4.
resource "aws_instance" "my-machine" {
  ami = "ami-0a91cd140a1fc148a"
  for_each  = {
      key1 = "t2.micro"
      key2 = "t2.medium"
   }
  instance_type    = each.value	
  key_name         = each.key
  tags =  {
   Name = each.value 
	}
}

resource "aws_iam_user" "accounts" {
  for_each = toset( ["Account1", "Account2", "Account3", "Account4"] )
  name     = each.key
}

Terraform for_each module example 1 to launch ec2 instance and IAM users
Terraform for_each module example 1 to launch ec2 instance and IAM users

Example-2 Terraform for_each module

  • In the below example, you will notice for_each is a variable of type map(object) which has all the defined arguments such as (instance_type, key_name, associate_public_ip_address and tags). After Code is executed every time each of these arguments get a specific value.
resource "aws_instance" "web1" {
  ami                         = "ami-0a91cd140a1fc148a"
  for_each                    = var.myinstance
  instance_type               = each.value["instance_type"]
  key_name                    = each.value["key_name"]
  associate_public_ip_address = each.value["associate_public_ip_address"]
  tags                        = each.value["tags"]
}

variable "myinstance" {
  type = map(object({
    instance_type               = string
    key_name                    = string
    associate_public_ip_address = bool
    tags                        = map(string)
  }))
}

myinstance = {
  Instance1 = {
    instance_type               = "t2.micro"
    key_name                    = "key1"
    associate_public_ip_address = true
    tags = {
      Name = "Instance1"
    }
  },
  Instance2 = {
    instance_type               = "t2.medium"
    key_name                    = "key2"
    associate_public_ip_address = true
    tags = {
      Name = "Instance2"
    }
  }
}
Terraform for_each module example 2 to launch multiple ec2 instance
Terraform for_each module example 2 to launch multiple ec2 instances

Example-3 Terraform for_each module

  • In the below example, similarly you will notice instance_type is using toset which contains two values(t2.micro and t2.medium). When the code is executed then instance type takes each value from the set values inside toset.
locals {
  instance_type = toset([
    "t2.micro",
    "t2.medium",
  ])
}

resource "aws_instance" "server" {
  for_each      = local.instance_type

  ami           = "ami-0a91cd140a1fc148a"
  instance_type = each.key
  
  tags = {
    Name = "Ubuntu-${each.key}"
  }
}
Terraform for_each module example 3 to launch multiple ec2 instances
Terraform for_each module example 3 to launch multiple ec2 instances

Terraform provider

Terraform depend on the plugins to connect or interact with cloud providers or API services, and to perform this, you need Terraform provider. There are several terraform providers that are stored in Terraform registry such as terraform provider aws or aws terraform provider or terraform azure.

Terraform configurations must declare which providers they require so that Terraform can install and use them. Some providers require configuration (like endpoint URLs or cloud regions) before using. The provider also uses local utilities like generating random strings or passwords. You can create multiple or single configurations for a single provider. You can have multiple providers in your code.

Providers are stored inside the “Terraform registry,” Some are in-house providers ( companies that create their own providers). Providers are written in Go Language.

Let’s learn how to define a single provider and then define the provider’s configurations inside terraform.

# Defining the Provider requirement 

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
    postgresql = {
      source = "cyrilgdn/postgresql"
    }
  }
  required_version = ">= 0.13"   # New way to define version 
}


# Defining the Provider Configurations and names are Local here i.e aws,postgres,random

provider "aws" {
  assume_role {
  role_arn = var.role_arn
  }
  region = var.region
}

provider "random" {}

provider "postgresql" {
  host                 = aws_rds_cluster.main.endpoint
  username             = username
  password             = password
}

Defining multiple aws providers terraform

In the previous section, you learned how to use aws provider terraform to connect to AWS resources, which is great, but with that, you can only in one particular aws region. However, consider using multiple aws providers’ Terraform configurations if you need to work with multiple regions.

  • To create multiple configurations for a given provider, you should include multiple provider blocks with the same provider name but to use the additional non-default configuration, use the alias meta-argument as shown below.
  • In the below code, there is one aws terraform provider named aws that works with the us-east-1 region by default and If you need to work with another region, consider declaring same provider again but with different region and alias argument.
  • For creating a resource in us-west-1 region declare provider.<alias-name> in the resource block as shown below.
# Defining Default provider block with region us-east-1

provider "aws" {      
  region = us-east-1
}

# Name of the provider is same that is aws with region us-west-1 thats why used ALIAS

provider "aws" {    
  alias = "west"
  region = us-west-1
}

# No need to define default Provider here if using Default Provider 

resource "aws_instance" "resource-us-east-1" {}  

# Define Alias Provider here to use west region  

resource "aws_instance" "resource-us-west-1" {    
  provider = aws.west
}

Quick note on Terraform version : In Terraform v0.12 there was no way to give a source but in the case of Terraform v 0.13 onwards you have an option to add a source address.

# This is how you define provider in Terraform v0.13 and onwards
terraform {          
  required_providers {
    aws = {
      source = "hasicorp/aws"
      version = "~>1.0"
}}}

# This is how you define provider in Terraform v 0.12
terraform {               
  required_providers {
    aws = "~/>1.0"
}}

Join 46 other followers

Conclusion

In this Ultimate Guide, you learned what is terraform, terraform provider, and understood how to declare terraform provider aws and further used to interact with cloud services.

Now that you have gained a handful of Knowledge on Terraform continue with the PART-2 guide and become the pro of Terraform.

Learn Terraform: The Ultimate terraform tutorial [PART-2]

Ultimate Ansible interview questions and answers

If you are preparing for a DevOps interview or for an Ansible administrator, consider this guide as your friend to practice ansible interview questions and answers and help you pass the exam or interview.

Without further delay, let’s get into this Ultimate Ansible interview questions and answers guide, where you will have three Papers to practice containing 20 questions of Ansible.

Join 46 other followers

PAPER-1

Q1. What is Ansible ?

Answer: Ansible is open source configuration tool written in python Language. Ansible is used to deploy or configure any software, tools or files on remote machines quickly using SSH Protocol.

Q2. What are advantages of Ansible.

Answer: Ansible is simple to manage, agent-less, has great performance as it is quick to deploy and doesn’t require much efforts to setup and no doubt it is reliable.

Q3. What are the things which Ansible can do ?

Answer: Deployment of apps such as apache tomcat, AWS EC2 instance, configuration Management such as configure multiple file in different remote nodes , Automates tasks and is used for IT orchestration.

Q4. Is it possible to have Ansible control node on windows ?

Answer: No, you can have Ansible controller host or node only on Linux based operating system however you can configure windows machine as your remote hosts.

Q5. What are requirements when the remote host is windows machine ?

Answer: Ansible needs Powershell 3.0 and at least .NET 4.0 to be installed on windows Host, winRM Listener should be created and activated before you actually deploy or configure remote node as windows machine.

Q6. Where are different components of Ansible ?

Answer: API’s, Modules, Host , Playbook , Cloud, Networking and Inventories.

Q7.What are Ansible adhoc commands ?

Answer: Ansible adhoc commands are the single line commands that are generally used for testing purpose or if you need to take an action which is not repeatable and rarely used such as restart service on a machine etc. Below is the example of ansible adhoc command.

The below command starts the apache service on the remote node.

ansible all -m ansible.builtin.service -a “name=apache2 state=started”

Q8. What is the ansible command to check uptime of all servers ?

Answer: Below is the ansible command to check uptime of the servers. This command will provide you an output stating since long the remote node is up.

ansible all -a /usr/bin/uptime 
Ansible ad hoc command to check the uptime of the server which is 33 days.
Ansible ad hoc command to check the server’s uptime, which is 33 days.

Q9. How to Install the Apache service using ansible command ?

Answer: To install apache service using ansible command you can use ansible adhoc command as shown below. In the below command b flag is to become root.

ansible all -m apt -a  "name=apache2 state=latest" -b  

Q10.What are the steps or commands to Install Ansible on Ubuntu Machine ?

Answer: The below commands you will need to execute to Install Ansible on Ubuntu Machine

# Update your system packages using apt update command
sudo apt update 
# Install below prerequisites package to work with PPA repository.
sudo apt install software-properties-common 
# Install Ansible PPA repository (Personal Package repository) 
sudo apt-add-repository –yes –update ppa:ansible/ansible
# Finally Install ansible
sudo apt install ansible

Q11. What is Ansible facts in Ansible ?

Answer: Ansible facts allows you to fetch or access the data or values such as hostname or Ip address from the remote hosts and stored.

Below is the example showing how you can run Ansible facts using ansible-playbook named main.yml.

# main.yml 
---
- name: Ansible demo
  hosts: web
  remote_user: ubuntu
  tasks:
    - name: Print all available facts
      ansible.builtin.debug:
        var: ansible_facts

 ansible-playbook main.yml
Output of the Ansible facts using ansible-playbook
The output of the Ansible facts using ansible-playbook

Q12. What are Ansible tasks ?

Answer: Ansible tasks are group of task which ansible playbook needs to perform such as copy , installing package , editing configurations on remote node and restarting services on remote node etc.

Let’s look at a basic Ansible task. In below code the Ansible task is to check if apache service is running on the remote node?

tasks:
  - name: make sure apache is running
    service:
      name: httpd
      state: started

Q13. What are Ansible Roles ?

Answer: Ansible roles is a way to structurally maintain your playbooks such that you can easily understand and work on it. Ansible role basically contains different folders for the simplicity such as it lets you load the files from files folder, variables from variable folder, handlers, tasks etc.

You can create different Ansible roles and reuse them as many times as you need.

Q14. Command to Create a user on linux machine using Ansible?

Answer: To create a user on linux machine using Ansible you can use ansible adhoc command as shown below.

ansible all -m ansible.builtin.user -a “name=name password=password” -b

Q15. What is Ansible Tower ?

Answer: Ansible tower is web based solution that makes Ansible even more to easy to use for IT teams. Ansible tower can be used for upto 10 nodes. It captures all recent activities like status of host . It integrates with notifications’ about all necessary updates. It also schedules Ansible Jobs very well.

Q16. How to connect with remote machines in Ansible?

Answer: After installing Ansible , configure Ansible inventory with the list of hosts or grouping them accordingly and finally connecting them using SSH protocol. After you configure the Ansible inventory you can test the connectivity between Ansible controller and remote nodes using ping module to ping all the nodes in your inventory

ansible all -m ping

You should see output for each host in your inventory, similar to this:

aserver.example.org | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

Q17. Does Ansible support AWS?

Answer: Yes. There are lots of AWS modules that are present in Ansible and can be used to manage AWS resources. Refer Ansible collections in the Amazon Namespace.

Q18. Which Ansible module allows you to copy files from remote machine to control machine ?

Answer: Ansible fetch module. Ansible fetch module is used for fetching files from remote machines and storing them locally in a file tree, organized by hostname.

- name: Store file from remote node directory to host directory 
  ansible.builtin.fetch:
    src: /tmp/remote_node_file
    dest: /tmp/fetched_host_file

Q19. Where you can find Ansible inventory by default ?

Answer: The default location of Ansible inventory is /etc/ansible/hosts.

Q20. How can you check the Ansible version?

Answer: To check the ansible version, run the ansible –version command below.

ansible --version
Checking the ansible version by using ansible --version command.
Checking the ansible version by using the ansible –version command.

Join 46 other followers

PAPER-2

Q1. Is Ansible agentless ?

Answer: Yes, Ansible is an open source tool that is agentless. Agentless here means when you install Ansible on host controller and when you use to deploy or configure changes on remote nodes, the remote node doesn’t require any agent or softwares to be installed.

Q2. What is Primary use of Ansible ?

Answer: Ansible can be used in IT Infrastructure to manage and deploy software application on remote machines.

Q3. What are Ansible Hosts or remote nodes ?

Answer: Ansible hosts are machines or nodes on which Ansible controller host deploys the software’s. Ansible host could be Linux, RedHat, Windows, etc.

Q4. What is CI (Continuous Integration) ?

Answer: CI also known as Continuous integration is primarily used by developers. Successful Continuous integration means when developers code is built , tested and then pushed to Shared repository whenever there is a change in code.

Q5. What is the main purpose of role in Ansible ?

Answer: The main purpose of Ansible role is to reuse the content again by using the proper Ansible folder structure directory. These directory’s folder contains multiple configuration files or content accordingly that needs to be declared at various places and in various modules, to minimize the re-code work roles are used.

Q6. What is Control Node?

Answer: The Control node is the Ansible node on which Ansible is installed. Before you install control node make sure Python is already installed on machine prior to installing Ansible.

Q7. Can you have Windows machine as Controller node ?

Answer: No.

Q8. What is the other names of Ansible Hosts?

Answer: Ansible hosts can also be called as Managed nodes. Ansible is not installed on managed nodes.

Q9. What is host file in Ansible ?

Answer: Inventory file is also known as host file in Ansible which is by default stored in /etc/ansible/hosts directory.

Q10. What is collections in Ansible ?

Answer: Ansible collections is a distribution format that include playbooks, roles, modules, plugins.

Q11. What is Ansible module in Ansible.

Answer: Ansible contains various Ansible modules that have a specific purpose such as copying the data, adding a user and many more. You can invoke a single module within a task defined in playbooks or several different modules in a playbook.

Q12. What is task in Ansible ?

Answer: To perform any action you need a task. Similarly in Ansible you need a task to run modules. For Ansible ad hoc command you can execute task only once.

Q13. What is Ansible Playbook?

Answer: Ansible playbook is an ordered lists of tasks that you run and are designed to be human-readable and are developed in a basic text language. For example in the below ansible playbook there are two tasks first is to create a user named adam and other task is to create a user shanky in the remote node.

---
- name: Ansible Create user functionality module demo
  hosts: web # Defining the remote server
  tasks:

    - name: Add the user 'Adam' with a specific uid and a primary group of 'sudo'
      ansible.builtin.user:
        name: adam
        comment: Adam
        uid: 1095
        group: sudo
        createhome: yes        # Defaults to yes
        home: /home/adam   # Defaults to /home/<username>

    - name: Add the user 'Adam' with a specific uid and a primary group of 'sudo'
      ansible.builtin.user:
        name: shanky
        comment: shanky
        uid: 1089
        group: sudo
        createhome: yes        # Defaults to yes
        home: /home/shanky  # Defaults to /home/<username>

Creating two users using ansible playbook
Creating two users using ansible-playbook

Q14. Where do you create basic inventory in Ansible?

Answer: /etc/ansible/hosts

Q15. What is Ansible Tower ?

Answer: Ansible tower is web based solution that makes Ansible even more to easy to use for IT teams. Ansible tower can be used for upto 10 nodes. It captures all recent activities like status of host . It integrates with notification’s about all necessary updates. It also schedules Ansible Jobs very well.

Q16. What is the command for running the Ansible playbook?

Answer: The below is the command to run or execute the ansible-playbook.

ansible-playbook my_playbook

Q17. On which protocol does Ansible communicate to remote node?

Answer: SSH

Q18. How to use ping module to ping all the nodes?

Answer: Below is the command which you can use to ping all the remote nodes.

ansible all -m ping

Q19. Provide an example to run a live command on all of your nodes?

Answer:

ansible all -a "/bin/echo hello"
Printing hello on remote node using ansible command.
Printing hello on remote node using ansible command.

Q20. How to run ansible command with privilege escalation (sudo and similar) ?

Answer: Below command executes the ansible command with root access by using --become flag.

ansible all -m ping -u adam --become

PAPER-3

Q1. Which module allows you to create a directory?

Answer: Ansible file module allows you to create a directory.

Q2. How to define number of parallel processes while communicating to hosts .

Answer: By setting the forks in ansible and to set the forks you need to edit ansible.cfg file.

Q3. Is Ansible agentless configuration management Tool ?

Answer: Yes

Q4. What is Ansible Inventory ?

Answer: Ansible works against managed nodes or hosts to create or manage the infrastructure . We list down these hosts or nodes in a file known as Inventory. Inventory can be of two types one is ini and other is YAML format

Q5. How to create a Ansible inventory in the ini format ?

Answer:

automate2.mylabserver.com
[httpd]
automate3.mylabserver.com
automate4.mylabserver.com
[labserver]
automate[2:6].mylabserver.com

Q6. How to create a Ansible inventory in the YAML format?

Answer:

all:
  hosts:
     automate2.mylabserver.com
  children:
      httpd:
        hosts:
          automate3.mylabserver.com
          automate4.mylabserver.com
      labserver:
         hosts:
          automate[2:6].mylabserver.com

Q7.What is Ansible TAG ?

Answer: When you need to add tags with Ansible then you can use Ansible Tags to do this. You can apply Ansible Tags on block level , playbook level, individual task level or role level.

tasks:
- name: Install the servers
  ansible.builtin.yum:
    name:
    - httpd
    - memcached
    state: present
  tags:
  - packages
  - webservers

Q8. What are key things required for Playbook ?

Answer: Hosts should be configured in inventory, Tasks should be declared in ansible playbook and Ansible should already be installed.

Q9. How to use existing Ansible tasks ?

Answer: We can use by importing the tasks import_tasks. Ansible import_tasks imports a list of tasks to be added to the current playbook for subsequent execution.

Q10. How can you secure the data in Ansible-playbook ?

Answer: You can secure the data using ansible-vault to encrypt the data and later decrypt it. Ansible Vault is a feature of ansible that allows you to keep sensitive data such as passwords or keys in encrypted files, rather than as plaintext in playbooks or roles.

Q11. What is Ansible Galaxy?

Answer: Ansible Galaxy is a repository for Ansible Roles that are available to drop directly into your Playbooks to streamline your automation projects.

Q12. How can you download roles from Ansible Galaxy ?

Answer: Below code allows you to download roles from Ansible Galaxy.

ansible-galaxy install username.role_name

Q13. What are Variables in ansible?

Answer: Ansible variables are assigned with values which are further used for commuting. After you create variables, either by defining them in a file, passing them at the command line, or registering the return value or values of a task as a new variable

Q14. Command to generate a SSH key-pair for connecting with remote machines?

Answer: ssh-keygen

Q15. What is Ansible Tower ?

Answer: Ansible tower is web based solution that makes Ansible even more to easy to use for IT teams. Ansible tower can be used for upto 10 nodes. It captures all recent activities like status of host . It integrates with notification’s about all necessary updates. It also schedules Ansible Jobs very well.

Q16. What is the command for running a playbook?

Answer:

ansible-playbook my_playbook

Q17. Does Ansible support AWS?

Answer: Yes.There are lots of modules that are present in Ansible.

Q18. How to create encrypted files using Ansible?

Answer: By using the below ansible-vault command.

ansible-vault create file.yml 

Q19. What are some key features of Ansible Tower?

Answer:

With Ansible Tower, you can view dashboards and see whatever is going on in real-time, job updates, who ran the playbook or ansible commands, Integrated notifications, schedule ansible jobs, run ansible remote commands, and perform.

Q20. What is the first-line syntax of any Ansible playbook?

Answer: First line syntax of ansible-playbook is – – –

---   # The first Line Syntax of ansible playbook

Join 46 other followers

Conclusion

In this ultimate guide, you had a chance to revise everything you needed to pass the interview with Ansible interview questions and answers.

Now that you have sound knowledge of Ansible and various components, modules, and features, and are ready for your upcoming interview.

The Ultimate Python interview questions: learn python the hard way

If you are preparing for a DevOps interview or for a Python developer, consider this guide as your friend to practice Python interview questions: learn python the hard way and answers and help you pass the exam or interview.

Without further delay, let’s get into this Ultimate Python interview questions and answers guide, where you will have 20 questions to practice.

Let’s get into it.

Join 46 other followers

PAPER

Q1. What is difference between List and Tuple in Python?

Answer: Lists are mutable i.e they can be modified and Tuples are immutable. As you can see in the below code the list can be modified however Tuples are not modifable.

List = ["a","i",20]
Tuples = ("a","i",20)
List = ["a","i",20]
Tuples = ("a","i",20)
print(List)
print(Tuples)
List[1] = 22
print(List)
Tuples[1] = "n"
print(Tuples)

After running the above code, you will notice that the Lists can modify, but the Tuples are not.

Running Python code to modify list and tuple
Running Python code to modify list and tuple

Q2. What are key features of Python.

Answer: Python is interpreted language, that means it doesn’t required to be compiled. It can be used in various automation areas such as AI technologies, easier to understand and write language. The Latest version of Python is 3.10

Q3. Give Examples of some famous Python modules?

Answer: Some of the example of Python modules are os, json, sys, math, random, math

Q4. What are local and global variables in Python ?

Answer: Local Variables are declared inside the function and scope is inside function only however global variables are those variables whose scope is for entire program.

Q5. What are functions in Python ?

Answer: This is a block of code which is only executed when called. To declare the function you need use the below syntax def < function-name> and call it using <function-name> as shown below.

def function(n): 
     a, b = 0, 1
     while a > n:
         print(a)
         print(b)
     print(n)
function(200)     
python shanky.py
Running Python function
Running Python function

Q6. What is __init__ ?

Answer: This is a method which automatically allocate memory when object or instance is created. All the Classes have __init__method.

Q7. What is the Lambda function in Python?

Answer: Lambda functions are also known as the anonymous function, which takes any number of parameters but is written in a single statement.

square = lambda num: num ** 2

Q8. What is self in Python?

Answer: self is an instance or object of a class. This is used with __init__ function and is explicitly included as first parameter.

Q9. How can you Randomize the list in Python ?

Answer: To randamize the list in Python consider importaning random module as showb below.

from random import shuffle
list = ["a" , "b" , "c" ,"d", "e"] 
shuffle(list)
print(list)

Q10.What does *args and *Kargs mean ?

Answer: The *args are used when you are sure about the number of arguments that you will pass in a function. Similarly * Kargs are keyword arguments where you are not sure about number of argument but they are declared in the dictionary formats.

Q11. Does Python Supports OOPs concept?

Answer: Yes , Python does support OOPs concept by creating classes and objects . Backends determines where state is stored or loaded from. By default we have local backend but we can give remote backed such as S3

Q12. Name some Python Libraries ?

Answer: The Python libraries are collection of built-in modules (written in C) that provide access to system functionality such as file I/O that would otherwise be inaccessible to Python programmers, as well as modules written in Python that provide standardized solutions for many problems that occur in everyday programming. For example Pandas, Numpy etc.

Q13. What are various ways to import the modules in python?

Answer:

import math 

import math as mathes ( Alias name ) 
from flask import Flask

Q14. What is Python Flask?

Answer: Python flask is a web framework which makes life of developer easy by reusing the code, extensions for operation to build a reliable, scalable and maintainable web apps. With Python flask web frameworks, you can create and build from static to dynamic applications and work with API requests.

There are different Python Web frameworks apart from Python flask such as TORNADO, PYRAMID and DJANGO .

Related POST: Python Flask Tutorial: All about Python flask

Q15. How can we open a file in Python?

Answer:

with open("myfile.txt", "r") as newfile:

Q16. How can you see statistics of file located in directory?

Answer: To see the stats of file located in directory consider using os module.

import os

os.stat("file_name") # These stats include st_mode, the file type and permissions, and st_atime, the time the item was last accessed.

Q17. How do you define method and URL Bindings in Python Flask?

Answer:

@app.route("/login", methods = ["POST"])

Related POST: Python Flask Tutorial: All about Python flask

Q18. How does Python Flask gets executed in Python ?

Answer:

if __name__ ==  '__main__'
app.run(debug = True)

Q19. Which built in function evaluates expression and return Boolean result ?

Answer: can function

Q20. How can you make Python Script executable in Unix ?

Answer: Below are the steps that you would need to make Python Script executable in unix.

  • Define the Path of Python interpretor
#/usr/local/bin/python
  • Next convert the script into executable by using below command.
chmod +x abc.py
  • Finally run the script
python abc.py

Join 46 other followers

Conclusion

In this ultimate guide, you had a chance to revise everything you needed to pass the interview with Python interview questions and answers.

Now that you have sound knowledge of Python and various components, modules, and features, and are ready for your upcoming interview.

How to create a new Docker image using Dockerfile: Dockerfile Example

Are you looking to create your own Docker image? The docker images are the basic software applications or an operating system but when you need to create software with advanced functionalities of your choice, then consider creating a new docker image with dockerfile.

In this tutorial, you will learn how to create your own Docker Image using dockerFile, which contains a set of instructions and arguments again each instruction. Let’s get started.

Join 46 other followers

Table of Content

  1. Prerequisites
  2. What is Dockerfile?
  3. Dockerfile instructions or Dockerfile Arguments
  4. Dockerfile Example
  5. Conclusion

Prerequisites

If you’d like to follow along step-by-step, you will need the following installed:

  • Ubuntu machine with Docker installed. This tutorial uses Ubuntu 21.10 machine.
  • Docker v19.03.8 installed.

What is Dockerfile?

If you are new to dockerfile, you should know what dockerfile is. Dockerfile is a text file that contains all the instructions a user could call on the command line to assemble an image from a base image. The multiple instructions could be using the base image, updating the repository, Installing dependencies, copying source code, etc.

Docker can build images automatically by reading the instructions from a Dockerfile. Each instruction in DockerFile creates another layer (All the instructions take their own memory). While building the new image using the docker build command ( which is done by Docker daemon), if any instruction fails and if you rebuild the image, then previous instructions which are cached are used to build.

New Docker image can be built using simply executing docker build command, or if you need to build docker image from a different path use f flag.

docker build . 
docker build -f /path/to/a/Dockerfile .

Dockerfile instructions or Dockerfile Arguments

Now that you have a basic idea about what is docker and dockerfile, let’s understand some of the most important Dockerfile instructions or Dockerfile Arguments.

  • FROM : From instruction initializes new build stage and sets the base image for subsequent instructions. From instruction may appear multiple times in the dockerFile.
  • ARG: ARG is the only instruction that comes before FROM. The ARG instruction defines a variable that users can pass while building the image using the docker build command such as
 --build-arg <varname>=<value> flag
  • EXPOSE: Expose instruction informs docker about the port’s container listens on. The EXPOSE instruction does not actually publish the port.; it is just for the sake of understanding for admins to know about which ports are intended to be published
  • ENV: The ENV instruction sets the environment variable in the form of key-value pair.
  • ADD: The ADD instruction copies new files, directories, or remote file URLs from your docker host and adds them to the filesystem of the image.
  • VOLUME: The VOLUME instruction creates a mount point and acts as externally mounted volumes from the docker host or other containers.
  • RUN: The RUN instruction will execute any commands in a new layer on top of the current image and commit the results. RUN are declared in two ways, either shell way or executable way.
  • Shell way: the command is run in a shell i.e.,/bin/sh. If you need to run multiple commands, use the backslash.
  • Executable way: RUN [“executable”, “param1”, “param2”] . If you need to use any other shell than /bin/sh, you should consider using executable.
RUN /bin/bash -c 'source $HOME/.bashrc; echo $HOME' # Shell way
RUN ["/bin/bash", "-c", "echo HOME"] # Executable way (other than /bin/sh)
  • CMD: The CMD instruction execute the command within the container just like docker run exec command. There can be only one CMD instruction in DockerFile. If you list more than one then last will take effect. CMD has also three forms as shown below
    • CMD ["executable","param1","param2"] (exec form, this is the preferred form)
    • CMD ["param1","param2"] (as default parameters to ENTRYPOINT)
    • CMD command param1 param2 (shell form)

Let’s take an example in the below docker file; if you need that your container should sleep for 5 seconds and then exists, use the below command.

FROM Ubuntu
CMD sleep 5
  • Run the below docker run command to create a container, and then it sleeps for 5 seconds, and then the container exists.
docker run <new-image>
  • But If you wish to modify the sleep time such as 10 then either you will need to either change the value manually in the Dockerfile or add the value in the docker command.
FROM Ubuntu    
CMD sleep 10    # Manually changing the sleep time in dockerfile
  • Now execute the docker run command as shown below.
docker run <new-image> sleep 10  # Manually changing the sleep time in command line

You can also use the entry point shown below to automatically add the sleep command in the running docker run command, where you just need to provide the value of your choice.

FROM Ubuntu
ENTRYPOINT ["sleep"]

With Entrypoint, when you execute the docker run command with a new image, sleep will automatically get appended in the command as shown below. Still, the only thing you need to specify is the number of seconds it should sleep.

docker run <new-image> sleep <add-value-of-your-choice>

So in case of CMD command instruction command line parameters passed are completely replaced where in case of entrypoint parameters passed are appended.

If you don’t provide the <add-value-of-your-choice>, this will result in an error. To avoid the error, you should consider using both CMD and ENTRYPOINT but make sure to define both CMD and ENTRYPOINT in json format.

FROM Ubuntu    
ENTRYPOINT sleep       # This command will always run sleep command
CMD ["5"]              # In case you pass any parameter in command line it will be picked else 5 by default
  • ENTRYPOINT: An ENTRYPOINT allows you to run the commands as an executable in a container. ENTRYPOINT is preferred when defining a container with a specific executable. You cannot override an ENTRYPOINT when starting a container unless you add the --entrypoint flag.

Dockerfile Example

Up to now, you learned how to declare dockerfile instructions and executable of each instruction, but unless you create a dockerfile and build a new image with these commands, they are not doing much. So let’s learn and understand by creating a new dockerfile. Let’s begin.

  • Login to the ubuntu machine using your favorite SSH client.
  • Create a folder under home directory named dockerfile-demo and switch to this directory.
mkdir ~/dockerfile-demo
cd dockerfile-demo/
  • Create a file inside the ~/dockerfile-demo directory named dockerfile and copy/paste the below code. Below code contains from instruction which sets the base image as ubuntu and runs the update and nginx installation commands and builds the new image. Once you run the docker containter then Image created is printed on the screen on containers terminal using echo command.
FROM ubuntu:20.04
MAINTAINER shanky@automateinfra.com
RUN apt-get update 
RUN apt-get install nginx 
CMD [“echo”,”Image created”] 
docker build -t docker-image:tag1 .
Building the docker image and tagging successfully
Building the docker image and tagging successfully

As you can see below, once the docker container is started, the Image created is printed on the container’s screen.

Running the container
Running the container

Join 46 other followers

Conclusion

In this tutorial, you learned what is dockerfile, a lot of dockerfile instructions and executables, and finally, how to create your own Docker Image using dockerFile.

So which application are you planning to run using the newly created docker image?

Ultimate docker interview questions for DevOps

If you are looking to crack your DevOps engineer interview, docker is one of the important topics that you should prepare. In this guide, understand the docker interview questions for DevOps that you should know.

Let’s go!

Join 46 other followers

Table of Content

Q1. What is Docker ?

Answer: Docker is lightweight containerized technology. It allows you to automate deployment in portable containers which is built from docker images.

Q2. What is Docker Engine.

Answer: Docker Engine is an server where docker is installed . Docker Client and server remains on the same server or remote host. Clients can connect with server using CLI or RESTful API’s.

Q3. What is use of Dockerfile and what are common instructions used in docker file?

Answer: We can either pull docker image and use it directly to build our apps or we can use it and on top of it we can create one more layer according to the need that’s where Dockerfile comes in play. With Docker file you can design the image accordingly. Some common instructions are FROM, LABEL, RUN , CMD

Q4. What are States of Docker Containers ?

Answer: Running , Exited , Restarting and Paused.

Q5. What is DockerHUB ?

Answer: Dockerhub is a cloud based registry for docker images . You can either pull or push your images in DockerHub.

Q6. Where are Docker Volumes stored ?

Answer: Docker Volumes are stored in /var/lib/docker/volumes.

Q7.Write a Dockerfile to Create and Copy a directory and built using Python Module ?

Answer:

FROM Python:3.0
WORKDIR /app
COPY . /app

Q8. What is the medium of communication between docker client and server?

Answer: Communication between docker client and server is taken care by REST API , socker.IO and TCP Protocol.

Q9. How to start Docker container and create it ?

Answer: Below command will create the container as well as run the container. Ideally just to create container you use docker container create “Container_name”

docker run -i -t centos:6

Q10.What is difference between EXPOSE PORT and PUBLISH Port ?

Answer: Expose Port means you just exposes it locally i.e to container only . Publish Port means you are allowing from outside World.

Q11. How can you publish Port i.e Map Host to container port ? Provide an example with command

Answer:

Here p is mapping between Host and container and -d is dettached mode i.e container runs in background and you just see container ID displayed on

docker container run -d -p 80:80 nginx

Q12. How do you mount a volume in docker ?

Answer:

docker container run -d --name "My container"  --mount  source="vol1",target=/app  nginx

Q13. How Can you run multiple containers in single service ?

Answer: We can achieve this by using docker swarm or docker compose. Docker compose uses YAML formatted files.

Q14. Where do you configure logging driver in docker?

Answer: We can do that in file daemon.jason.file.

Q15. How can we go inside the container ?

Answer:

docker exec -it "Container_ID"  /bin/bash

Q16. How can you scale your Docker containers?

Answer: By using Docker compose command.

docker-compose --file scale.yml scale myservice=5

Q17. Describe the Workflow from Docker file to Container execution ?

Answer: Docker file ➤ Docker Build ➤ Docker Image (or Pull from Registry) ➤Docker run -it ➤ Docker Container ➤Docker exec -it ➤Bash

Q18. How to monitor your docker in production ?

Answer:

docker stats : Get information about CPU , memory and usage etc.

docker events : Check activities of containers such as attach , detach , die, rename , commit etc.

Q19. Is Docker swarm an approach to orchestrate containers ?

Answer: Yes it is one of them and other is kubernetes

Q20. How can you check docker version?

Answer: docker version command which gives you client and server information together.

Q21. How can you tag your Docker Image ?

Answer: Using docker tag command.

docker tag "ImageID" "Repository":tag

Conclusion

In this guide, you learned some of the basic questions around the docker interview questions for DevOps that you should know.

There is some more interview guide published on automateinfra.com; which one did you like the most?

How to Install Apache tomcat using Ansible.

If you are looking to install apache tomcat instances, consider using Ansible as a great way.

Ansible is an agentless automation tool that manages machines over the SSH protocol by default. Once installed, Ansible does not add a database, and there will be no daemons to start or keep running.

With Ansible, you can create an ansible playbook and use it to deploy dozens of tomcat in one go. In this tutorial, you will learn how to install apache tomcat using Ansible. Let’s get started.

Join 46 other followers

Table of Content

  1. Prerequisites
  2. Building tomcat Ansible-playbook on the Ansible Controller
  3. Running Ansible-playbook on the Ansible Controller
  4. Tomcat files and Tomcat directories on a remote node
  5. Conclusion

Prerequisites

This post will be a step-by-step tutorial. If you’d like to follow along, be sure you have:

  • An Ansible controller host. This tutorial will be using Ansible v2.9.18.
  • A remote Linux computer to test out the tomcat installation. This tutorial uses Ubuntu 20.04.3 LTS as the remote node.
  • An inventory file and one or more hosts are configured to run Ansible commands and playbooks. The remote Linux computer is called webserver, and this tutorial uses an inventory group called web.

Ensure your remote machine IP address is inside /etc/ansible/hosts ( either one remote machine or define it as a group)

Building tomcat Ansible-playbook on the Ansible Controller

Ansible is an automation tool used for deploying applications and systems easily; it could be Cloud, Services, orchestration, etc. Ansible uses YAML Language to build playbooks which are finally used to deploy or configure the required change. To deploy tomcat, let’s move ahead and create the ansible-playbook.

  • SSH or login into your any Linux machine.
  • Create a file named my_playbook3.yml inside /etc/ansible folder and paste below code.

The below playbook contains all the tasks to install tomcat on the remote node. The first task is to update your system packages by using the apt command, further creating tomcat user and group. The next task is to install java, install tomcat, and create necessary folders and permissions for the tomcat directory.

---
- name: Install Apache Tomcat10 using ansible
  hosts: webserver
  remote_user: ubuntu
  become: true
  tasks:
    - name: Update the System Packages
      apt:
        upgrade: yes
        update_cache: yes

    - name: Create a Tomcat User
      user:
        name: tomcat

    - name: Create a Tomcat Group
      group:
        name: tomcat

    - name: Install JAVA
      apt:
        name: default-jdk
        state: present


    - name: Create a Tomcat Directory
      file:
        path: /opt/tomcat10
        owner: tomcat
        group: tomcat
        mode: 755
        recurse: yes

    - name: download & unarchive tomcat10 
      unarchive:
        src: https://mirrors.estointernet.in/apache/tomcat/tomcat-10/v10.0.4/bin/apache-tomcat- 10.0.4.tar.gz
        dest: /opt/tomcat10
        remote_src: yes
        extra_opts: [--strip-components=1]

    - name: Change ownership of tomcat directory
      file:
        path: /opt/tomcat10
        owner: tomcat
        group: tomcat
        mode: "u+rwx,g+rx,o=rx"
        recurse: yes
        state: directory

    - name: Copy Tomcat service from local to remote
      copy:
        src: /etc/tomcat.service
        dest: /etc/systemd/system/
        mode: 0755

    - name: Start and Enable Tomcat 10 on sever
      systemd:
        name: tomcat
        state: started
        daemon_reload: true


Running Ansible-playbook on the Ansible Controller

Earlier in the previous section, you created the ansible-playbook, which is great, but it is not doing much unless you deploy it. To deploy the playbook using the ansible-playbook command.

Assuming you are logged into Ansible controller:

  • Now run the playbook using the below ansible-playbook command.
ansible-playbook my_playbook3.yml

As you can see below, all the tasks are successfully completed; if the status of TASK shows ok, that means the task was already completed; else, for changed status, Ansible performs the task on the remote node.

Running the ansible-playbook in the Ansible controller host
Running the ansible-playbook in the Ansible controller host
  • Next, verify remote machine if Apache Tomcat is installed successfully and started use the below command.
systemctl status tomcat 
service tomcat status
Verifying the tomcat service on the remote node
Verifying the tomcat service on the remote node
  • Also you can verify by running process command.
ps -ef | grep tomcat
ps -aux | grep tomcat
Checking the tomcat process
Checking the tomcat process
Checking the tomcat process
Checking the tomcat process

Join 46 other followers

Tomcat files and Tomcat directories on a remote node

Now that you have successfully installed the tomcat on the remote node and verified the tomcat service, it is equally important to check the tomcat files created and the purpose of each of them.

  • Firstly all the tomcat files and tomcat directories are stored under <tomcat-installation-directory>/*.

Your installation directory is represented by environmental variable  $CATALINA_HOME

  • The tomcat directory and files should be owned by user tomcat
  • The tomcat user should be member of tomcat group.
Verify all files of tomcat
Verify all files of tomcat
  • <tomcat-installation-directory>/bin: This directory consists of startup and shutdown scripts (startup.sh and shutdown.sh) to run or stop the tomcat directly without using the tomcat service configured.
Verify installation directory of tomcat
Verify installation directory of tomcat
  • <tomcat-installation-directory>/conf: This is very crucial directory where tomcat keeps all its configuration files.
Tomcat configuration directory
Verify Tomcat configuration directory
  • <tomcat-installation-directory>/logs: In case you get any errors while running your tomcat then you can look at your safeguard ie. logs , tomcat creates its own logs under this directory.
Tomcat logs directory
Verify Tomcat logs directory
  • <tomcat-installation-directory>/webapps: This is the directory where you place your code such as .war and run your applications. It is highly recommended to stop tomcat and then deploy your application inside this directory and then start tomcat.
Tomcat Code directory
Verify Tomcat Code directory

Join 46 other followers

Conclusion

In this tutorial, we covered in-depth how can you install Apache Tomcat 10 on the ubuntu 18.0 version using Ansible controller and finally discussed files and directories which are most important for any Apache tomcat admins and developers.

If you wish to run your application on lightweight and easily, Apache Tomcat is your friend.

The Ultimate Handbook of Linux command cheat sheet

If you are new to Linux operating system, then this handbook is a Linux command cheat sheet for you that will help you to jumpstart in the Linux world.

In this ultimate Handbook of Linux command cheat sheet, you will find a variety of Linux command that you are used every day in the Linux administrator role.

Join 46 other followers

Table of Content

  1. Prerequisites
  2. Linux command cheat sheet
  3. Conclusion

Prerequisites

This post will be a step-by-step tutorial. If you’d like to follow along, be sure you have:

  • CentOS 8 machine or preferably CentOS 7 plus , if you don’t have any machine you can create a ec2 instance on AWS account. Recommended to have 4GB RAM and at least 5GB of drive space.

how to check linux version or the kernel version : You can use uname –kernel-name –kernel-release –machine command

Linux command cheat sheet

In this section, you will see the Linux command, and they are executed. You should try these commands on your centos machine which will help you to command linux operating system.

  • Linux uptime command: Linux uptime command provides the details about how long the Linux system is active and running.
uptime
Linux uptime command execution
Linux uptime command execution
  • uname command in linux: uname command in linux provides the information about the current kernel of your linux machine.
uname
uname command in Linux execution
uname command in Linux execution
PurposeCommand to execute
System uptime informationuptime
kernel informationuname -r 
The IP address of the machinehostname -I
last rebootlast reboot
Who you are logged in aswhoami
who is onlinew or who
CPU informationcat /proc/cpuinfo
Memory Informationcat /proc/meminfo
free and used memory free -h
hardware infodmidecode
Processestop
List files opened by the userlsof -u user
all the currently running processesps -ef
your currently running processesps
mysql processps –ef | grep mysql
Date & Time Settingschronyd
Date & Time Settingsntpd
Displaying the Current Date and Timedate
Displaying the Current Date and Timetimedatectl
Command to manage systemdsystemctl
System-wide locale settings/etc/locale.conf
Listing available system locale settings:localectl list-locales
current status of the system locales settingslocalectl status
configuring network accessnmcli
configuring network accessnmtui
modify the existing connection:nmcli con mod “con-name”
display all connections:nmcli con show
display the active connection:nmcli con show –active
Linux Softwares areRPM packages
Repo Directory/etc/yum.repos.d/
available repositories:subscription-manager repos –list
currently enabled repositories:yum repolist
Searching for packagesyum search string
Installing a package:yum install package_name
Updating all packagesyum update
Updating a package:yum update package_name
Uninstalling a packageyum remove package_name
installed and available packagesyum list all
installed packages:yum list installed
enable a servicesystemctl enable service_name
disable a servicesystemctl disable service_name
Firewall service firewalld
current status of the firewallsystemctl status firewalld
Start firewallsystemctl start firewalld
the additional layer of system securitySELinux
Display the current SELinuxgetenforce
Change the state of SELinuxsetenforce Enforcing/Permissive
Permanent SELinux State/etc/selinux/config
SSH connectionfacilitates client-server communication
Disabling SSH Root Loginvi /etc/ssh/sshd_config
PermitRootLogin no
systemctl restart sshd
Min value in useraddUID_MIN 1000
Max value in useraddUID_MAX 60000
Adding a user to a group:usermod -a -G group_name user_name
<1000Reserved userID details in/etc/login.defs
Brilliant Guide to Linux command line sheet

Join 46 other followers

Conclusion

In this ultimate Handbook of Linux command cheat sheet, you learned various Linux commands that you can use in the Linux administrator role.

So now you are Linux command pro, so you should consider creating shell scripts with all these commands and try.

How to Protect Ubuntu network and ubuntu firewall

In today’s world, there are high chances that attackers may attack your system because machines may be open to the world in one or another way. To eliminate all vulnerabilities and attacks, you should consider protecting the Ubuntu network and ubuntu firewalls.

In this tutorial, you will learn how to Protect the Ubuntu network and ubuntu firewall with various ways to keep your machine far from attacks and more secure.

Let’s go!

Join 46 other followers

Table of Content

  1. Prerequisites
  2. Checking ubuntu vulnerabilities
  3. How to check the list of running services on ubuntu 21.04 machine
  4. How to stop ubuntu service running on ubuntu 21.04 machine
  5. Scanning ubuntu 21.04 machine using various tools
  6. Scanning ubuntu 21.04 with Rootkit hunter or Rkhunter
  7. Protecting ubuntu 21.04 using tcptrace command
  8. How To Set Up the UFW Firewall on Linux
  9. UFW commands for ubuntu machine ( ufw firewall , ufw allow port , uwf limit etc.)
  10. Conclusion

Prerequisites

This post will be a step-by-step tutorial. If you’d like to follow along, be sure you have:

  • Ubuntu 21.04 machine or preferably Ubuntu 18.04 version plus , if you don’t have any machine you can create a ec2 instance on AWS account. Recommended to have 4GB RAM and at least 5GB of drive space

Checking ubuntu vulnerabilities

Let’s kick off this tutorial by first checking potential reasons for ubuntu vulnerabilities. There are multiple points that one must consider to get rid of vulnerabilities like:

  • Regularly check requirement of the applications such as softwares that are needed or no longer needed and if not needed make sure to purge those softwares or uninstall them.
  • Delete the services that no longer need for example to install apache2 web server you only need apache2 service and avoid installing some other extra services that are not required.
  • Disable services that are longer required in long run and are open to the world.

How to check the list of running services on ubuntu 21.04 machine

Consider running the below service command to check the list of running services on the ubuntu 21.04 machine.

service --status-all | grep '\[ + \]'
list of running services on ubuntu 21.04
list of running services on ubuntu 21.04

How to stop ubuntu service running on ubuntu 21.04 machine

To stop the ubuntu service no longer required on the ubuntu 21.04 machine, run the following command.

# service <service-name> stopservice
service apport stop 
# To check the status of service use service <service-name> status
How to stop ubuntu service running on ubuntu 21.04 machine
How to stop ubuntu service running on ubuntu 21.04 machine

Scanning ubuntu 21.04 machine using various tools

There are various tools that one should use and scan the ubuntu machine to look for any connectivity issue or unknown IP attacking your system. Let’s start with the Nmap.

Running nmap commands

Nmap is, also known as network mapper, is most widely used to do an analysis of network, monitor host details, and connections audits, and check all ports and connectivity on your machine or remote machine.

After you run the Nmap command, you will see it displays all the closed ports, DNS records, etc.

nmap ip-address
nmap command
Nmap IP-address command
  • You can also run the Nmap command using the hostname instead of Ip address of network component.
nmap Hostname      # nmap ip-10-111-4-53  
nmap hostname command
Nmap hostname command

Scanning ubuntu 21.04 with Rootkit hunter or Rkhunter

Rootkit hunter or RKhunter tool is used to find the issues in file and directories permission, hash changes and executables with incorrect file permissions, hidden files.

  • Run rkhunter command to check the system files and configurations.
rkhunter -c  # To check our own machine's  system check
Rootkit hunter
Running Rootkit hunter
Rootkit hunter summary
Rootkit hunter summary

Protecting ubuntu 21.04 using tcptrace command

Another way to protect the Linux or ubuntu 21.04 machines is by running the tcptrace command. tcptrace is used to trace the TCP Packet information on the receiving and sending end of connections.

  • Run tcptrace to check the tcp connections as shown below.
 tcptrace -houtput
Running tcptrace command on ubuntu 21.04
Running tcptrace command on ubuntu 21.04

How To Set Up the UFW Firewall on Linux

Without a firewall, there are no rules or restrictions on your network traffic, and that leads to several negative consequences. The Linux system comes with a default firewall configuration tool called Uncomplicated Firewall (UFW). But how do you set up a UFW firewall?

UFW service enables you to implement selective or restrictive policies regarding access to your System and interface to iptables. Let’s check ufw commands in detail to understand better.

  • To install ufw firewall on ubuntu machine ( Note: Although this is already installed but incase it is not available)
apt install ufw 
 install ufw firewall on ubuntu machine
install ufw firewall on ubuntu machine
  • Now, check if ufw is successfully installed on your machine by running service ufw status command.
service ufw status
Checking the ufw firewall on ubuntu machine
Checking the ufw firewall on ubuntu machine
  • To check the UFW status on ubuntu 21.04 machine without running service command run the following command.
ufw status                 # Don't use service command 
Checking the ufw firewall status on ubuntu machine
Checking the ufw firewall status on ubuntu machine
  • To enable ufw on ubuntu 21.04 run the ufw enable command.
ufw enable  # select yes to proceed 
Enabling the ufw firewall status on ubuntu machine
Enabling the ufw firewall status on ubuntu machine
  • To allow port 80 and port 22 using ufw allow command.
ufw allow ssh   ufw allow 80
Allow the ufw firewall status on ubuntu machine
Allow the ufw firewall status on the ubuntu machine
  • To enable logging for ufw commands run the ufw loggin on commad else ufw logging off.
ufw logging on 
This image has an empty alt attribute; its file name is image-131.png
Enabling the logging using ufw command on ubuntu machine

UFW commands for ubuntu machine ( ufw firewall , ufw allow port , uwf limit etc.)

Let’s quickly check the list of all UFW commands useful for network connectivity on ubuntu 21.04 machines. Let’s do a quick summary of ufw commands.

ufw enable ✏ ufw enable command enables the firewall on the machine.
ufw disable ✏ ufw disable command disables the firewall on the machine.
ufw reload ✏ufw reload command reloads the firewall to ensure changes are applied
ufw logging on|off ✏ ufw logging on|off command enables or disables logging ufw on the machine
ufw allow ✏ ufw allow command adds an allow rule on the machine.
ufw deny ✏ ufw deny command adds a deny rule on the machine.
ufw reject ✏ ufw reject command adds a reject rule on the machine.
ufw limit ✏ ufw limit command adds a limit rule on the machine.
ufw delete ✏ ufw delete command deletes the rule on the machine.
ufw status ✏ ufw status command shows the firewall status on the machine.
ufw-version ✏ufw-version command displays version information on the machine.

The Uncomplicated Firewall (ufw) is a front-end for iptables and is particularly well-suited for host-based firewalls, so you can block or allow traffic based on IP address, NIC, port, network, and more. You can set iptables to log all actions or just specific actions.

sudo iptables -L     #  Lists the currently set firewall rules
Lists the currently set firewall rules using iptables
Lists the currently set firewall rules using iptables
sudo iptables -L -vn   #  Lists the currently set firewall rules with more details
Lists the currently set firewall rules in details using iptables
Lists the currently set firewall rules in detail using iptables
sudo iptables -F    #  Deletes the currently set firewall rules 

Join 46 other followers

Conclusion

Throughout this tutorial, you’ve realized that setting up a firewall and protecting the ubuntu machine is important. There are multiple ways to protect, such as using UFW, NMap commands, tcptrace.

You should now have a good understanding of how to protect the Ubuntu network and ubuntu firewall; why not build on this newfound knowledge.

How to Install Tomcat on Ubuntu Machine.

If you are looking to deploy your critical web applications on a web server, nothing could be better than Apache Tomcat.

Tomcat is a lightweight and widely used web server based on the implementation of Java servlets, JSP, and Java expression language. Tomcat provides a pure Java HTTP web server environment where java code runs. Many applications are hosted on tomcat as this is open-source, a victory for system operators.

In this tutorial, you will learn how to install Apache Tomcat 10.0 on an Ubuntu Linux machine.

Join 46 other followers

Table of Content

  1. Prerequisites
  2. How to Install Java 11 on ubuntu 18.04 machine
  3. How to Install Tomcat 10 on ubuntu 18.04 machine
  4. Tomcat files and Tomcat directories on a remote node
  5. Conclusion

Prerequisites

This post will be a step-by-step tutorial. To follow along, be sure you have the following:

Apache Tomcat is supported on all Windows, Linux, and macOS operating systems.

How to Install Java 11 on ubuntu 18.04 machine

As previously specified, Tomcat requires Java to be installed as tomcat implements Java-based technologies. If you don’t have java installed, let’s learn how to install Java Version 11 on the ubuntu 18.04 machine.

  • Connect to Ubuntu machine using your favorite SSH client.
  • Next, install java by running the apt install command. default-jdk is an open source java runtime which is most widely used.
# Installing Java Version: Java SE 11 (LTS)
sudo apt install default-jdk 
  • After apt install default-jdk command is executed successfully , verify if java has been installed successfully by running the below command.
java -version               # To check the Installed Java Version
Checking Java version using java -version command
Checking Java version using java -version command
  • To verify the Java you can also check the location of java binaries using which and whereis commands.
which java                  # Provides the location of executable file 
whereis java               # Provides location of all the files related to Java
Checking Java binaries
Checking Java binaries
  • Run the below command to check the installation path of java. The system should respond with the path where Java is installed
update-alternatives --list java

If you have multiples Java installed on your machine and if you want to switch from one Java to another version consider running update-alternatives --config java command.

Checking the installation path of java
Checking the installation path of java

How to install Tomcat 10 on ubuntu 18.04 machine

Now that you have Java installed successfully installed on the ubuntu 18.04 machine, which is great. Next, you need to install a tomcat. Installing Tomcat is a straightforward task; let’s checkout.

  • Create a folder named tomcat inside the opt directory mkdir command.
cd /opt
mkdir tomcat
  • Download the Binary distribution of Tomcat 10 using curl command as shown below..
curl -O https://mirrors.estointernet.in/apache/tomcat/tomcat-10/v10.0.4/bin/apache-tomcat-10.0.4.tar.gz
Download the Binary distribution of Tomcat 10
Download the Binary distribution of Tomcat 10
  • Extract the tomcat archieve that you just downloaded using tar command. After you execute the tar command you should see the tomcat folder in the opt directory.
 sudo tar xzvf apache-tomcat-10.0.4.tar.gz -C /opt/tomcat --strip-components=1
Extract the tomcat archive
Extract the tomcat archive
  • Now that you have tomcat installed but you should consider running tomcat as a tomcat user which should be the part of tomcat group.
  • Creating a new group tomcat using groupadd command.
sudo groupadd tomcat
  • Next, create a tomcat user using useradd command and make it part of tomcat group .
    • -s /bin/false denotes that nobody can login as this user
    • /opt/tomcat will be tomcat home directory.
sudo useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat      
  • To run tomcat as tomcat user assign the tomcat user and tomcat group to the tomcat directory.
cd /opt/tomcat                     # Go to tomcat directory
sudo chgrp -R tomcat /opt/tomcat   # tomcat group given group ownership on /opt/tomcat
sudo chmod -R g+r conf             # Assign Read permission to tomcat group on conf
sudo chmod g+x conf                # Assign Execute permission to tomcat group on conf
sudo chown -R tomcat opt/tomcat    # Assign tomcat as owner of the directory 
  • Now you are ready to start the tomcat application but it is always recommended to run the application using a service because the service saves applications to stop if the system reboots mistakenly or by any means. Let’s create the tomcat service.
  • To create the tomcat service create a new file named tomcat.service as shown below.
sudo vi /etc/systemd/system/tomcat.service
  • Next, copy and paste the below code in tomcat.service
[Unit]
Description=Apache Tomcat 
After=network.target

[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/java-1.11.0-openjdk-amd64
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

User=tomcat
Group=tomcat
UMask=0007
Restart=always

[Install]
WantedBy=multi-user.target
  • Next, run the below commands to load the tomcat.service file & then start and enable the service.
sudo systemctl daemon-reload    # This will load the file in systemd and it.
sudo systemctl start tomcat     # Start the tomcat service
sudo systemctl enable tomcat    # Enable the tomcat service
sudo systemctl status tomcat    # Enable the tomcat service
Checking the status of the tomcat service
Checking the status of the tomcat service

By now, Apache Tomcat 10 service should be started and running successfully. To verify the tomcat application, navigate to the default webpage on the browser and type <IP-address-of your-tomcat-server>:8080.

Make sure to check your inbound rules and if port 8080 is open.

verify the tomcat application,
verify the tomcat application

Join 46 other followers

Tomcat files and Tomcat directories on a remote node

Now that you have successfully installed the tomcat on the remote node and verified the tomcat service, it is equally important to check the tomcat files created and the purpose of each of them.

  • Firstly all the tomcat files and tomcat directories are stored under <tomcat-installation-directory>/*.

Your installation directory is represented by environmental variable  $CATALINA_HOME

  • The tomcat directory and files should be owned by user tomcat
  • The tomcat user should be member of tomcat group.
Verify all files of tomcat
Verify all files of tomcat
  • <tomcat-installation-directory>/bin: This directory consists of startup and shutdown scripts (startup.sh and shutdown.sh) to run or stop the tomcat directly without using the tomcat service configured.
Verify installation directory of tomcat
Verify installation directory of tomcat
  • <tomcat-installation-directory>/conf: This is very crucial directory where tomcat keeps all its configuration files.
Tomcat configuration directory
Verify Tomcat configuration directory
  • <tomcat-installation-directory>/logs: In case you get any errors while running your tomcat then you can look at your safeguard ie. logs , tomcat creates its own logs under this directory.
Tomcat logs directory
Verify Tomcat logs directory
  • <tomcat-installation-directory>/webapps: This is the directory where you place your code such as .war and run your applications. It is highly recommended to stop tomcat and then deploy your application inside this directory and then start tomcat.
Tomcat Code directory
Verify Tomcat Code directory

Conclusion

In this tutorial, you have learned how to install Apache Tomcat on an Ubuntu server. Deploying Java applications on Apache Tomcat is a quick and easy process!

Apache Tomcat is the most widely used open-source tool for Java developers to run their web applications. Now that you have installed Apache Tomcat, which Java application will you deploy and manage next?

How to Work with Ansible When and Other Conditionals

If you need to execute Ansible tasks based on different conditions, then you’re in for a treat. Ansible when and other conditionals let you evaluate conditions, such as based on OS, or if one task is dependent on the previous task.

In this tutorial, you’re going to learn how to work with Ansible when and other conditionals so you can execute tasks without messing things up.

Click here and Continue reading

How to Install Terraform on Linux and Windows

Are you overwhelmed with the number of cloud services and resources you have to manage? Do you wonder what tool can help with these chores? Wonder no more and dive right in! This tutorial will teach how to install Terraform!

Terraform is the most popular automation tool to build, change and manage your cloud infrastructure effectively and quickly. So let’s get started!

Click here and Continue reading

How to Deploy kubernetes stateful application or kubernetes StatefulSets in AWS EKS cluster

Are you looking for permanent storage for your Kubernetes applications or Kubernetes Pods? If yes, you are at the right place to learn about Kubernetes stateful sets that manage the deployment and scaling of a set of Pods and provide guarantees about the ordering and uniqueness of these Pods.

In this tutorial, you will learn how to deploy a Kubernetes stateful sets application deployment step by step. Let’s get into it.

Join 46 other followers

Table of Content

  1. Prerequisites
  2. What is kubernetes statefulsets deployment?
  3. Deploying kubernetes statefulsets deployment in Kubernetes Cluster
  4. Creating Kubernetes Namespace for kubernetes stateful sets deployment
  5. Creating a Storage class required for Persistent Volume (PV)
  6. Creating a persistent volume claim (PVC)
  7. Creating Kubernetes secrets to store passwords
  8. Creating the Stateful backend deployment in the cluster
  9. Creating the Stateful Frontend WordPress deployment
  10. Kubernetes Stateful application using AWS EBS vs Kubernetes Stateful application using AWS EFS
  11. Conclusion

Prerequisites

  • AWS EKS cluster already created.
  • AWS account

What is kubernetes statefulsets deployment?

Kubernetes stateful sets manage stateful applications such as MySQL, Databases, MongoDB, which need persistent storage. Kubernetes stateful sets manage the deployment and scaling of a set of Pods and provide guarantees about the ordering and uniqueness of these Pods.

With Kubernetes stateful sets with N replicas, when Pods are being deployed, they are created sequentially, in order from {0..N-1} and are terminated in reverse order, from {N-1..0}.

Deploying kubernetes statefulsets deployment in Kubernetes Cluster

In this article, you will deploy the Kubernetes stateful sets deployment with the following components:

  1. Frontend applications a wordpress service deployed as Kubenretes Stateful set deployment containing the persistent volume AWS EBS to store HTML pages.
  2. Backend applications MySQL service deployed as Kubenretes deployment containing Persistent volume AWS EBS to store MySQL data.
  3. Load balacer on the top frontend application. The Load balancer will route the traffic to WordPress pods, and WordPress site pods will store data in MySQL pod by routing it via MySQL service as shown in below picture.
Deploying kubernetes stateful sets deployment in Kubernetes Cluster
Deploying Kubernetes stateful sets deployment in Kubernetes Cluster

Creating Kubernetes Namespace for kubernetes stateful sets deployment

Now that you know what is Kubernetes stateful sets and what all components you need to deploy Kubernetes stateful sets in the Kubernetes cluster. But before you deploy should deploy it in a particular namespace to make things simple. Let’s create the Kubernetes namespace.

  • Create a Kubernetes namespace with below command. Creation of Kubernetes namespace allows you to separate a particular project or a team or env.
kubectl create namespace stateful-deployment
Kubernetes namespace created
Kubernetes namespace created

Creating a Storage class required for Persistent Volume (PV)

Once you have the Kubernetes namespace created in the Kubernetes cluster, you will need to create storage for storing the website and database data.

In the AWS EKS service, the PersistentVolume (PV) is a piece of storage in the cluster implemented via an EBS volume, which has to be declared or dynamically provisioned using Storage Classes.

  • Lets begin by creating a storage class that is required for persistent volume in the kubernetes cluster. To create the storage class first create a file gp2-storage-class.yaml and copy/paste the below code.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: gp2
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
reclaimPolicy: Retain
mountOptions:
  - debug
  • Now, create the Storage class by running the below command.
kubectl apply -f gp2-storage-class.yaml --namespace=stateful-deployment
Creating the Kubernetes Storage class in Kubernetes cluster.
Creating the Kubernetes Storage class in the Kubernetes cluster.

In case you receive any error then run below command.

kubectl patch storageclass gp2 -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}' --namespace=stateful-deployment
  • Next, verify all the storage class that are present in the Kubernetes cluster.
kubectl get storageclasses --all-namespaces
Verifying the Kubernetes Storage class
Verifying the Kubernetes Storage class

Creating a persistent volume claim (PVC)

Now that you have created a storage class that persistent volume will use, create a Persistent volume claim (PVC) so that a stateful app can then request a volume by specifying a persistent volume claim (PVC) and mount it in its corresponding pod.

  • Again create a file named pvc.yaml and copy/paste the below content. The below code creates the two PVC, one for wordpress frontend application and the other for mysql backend application service.
apiVersion: v1
kind: PersistentVolumeClaim
# Creating persistent volume claim (PVC) for WordPress ( frontend )
metadata:
  name: mysql-pv-claim
  labels:
    app: wordpress
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Mi
---
apiVersion: v1
kind: PersistentVolumeClaim
# Creating persistent volume claim (PVC) for MySQL  ( Backend )
metadata:
  name: wp-pv-claim
  labels:
    app: wordpress
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Mi
  • Now execute the apply command to create the persistent volume.
kubectl apply -f pvc.yaml --namespace=stateful-deployment
Creating the Persistent Volume claim for WordPress and MySQL application
Creating the Persistent Volume claim for WordPress and MySQL application
  • Verify the recently created persistent volume in the kubernetes cluster. These PVC are actually created as AWS EBS volumes.
kubectl get pvc --namespace=stateful-deployment
Verify the recently created persistent volume claims in the kubernetes cluster
Verify the recently created persistent volume claims in the Kubernetes cluster
  • Also verify the storage in AWS EBS you will find the below two storages.
Verifying the Persistent volumes claims in AWS EBS
Verifying the Persistent volumes claims in AWS EBS

Creating Kubernetes secrets to store passwords

Up to now, you created Kubernetes namespace and persistent volume successfully, but MySQL application password will be stored as Kubernetes secrets. So let’s jump into and create Kubernetes secrets that will be used to store passwords for the MySQL application.

  • Create secret which stores mysql password (mysql-pw) which will be injected as env var into container.
kubectl create secret generic mysql-pass --from-literal=password=mysql-pw --namespace=stateful-deployment
Creating Kubernetes secrets to store passwords
Creating Kubernetes secrets to store passwords
  • Next, verify the secrets that were recently created by using kubectl get command.
kubectl get secrets --namespace=stateful-deployment
verify the Kubernetes secrets that were recently created by using kubectl get command
verify the Kubernetes secrets that were recently created by using the kubectl get command

Creating the Stateful backend deployment in the cluster

Kubernetes Stateful deployment can happen either with AWS EBS or AWS EFS

Now that you have Kubernetes namespace, Persistent volume, secrets that you will consume in the application. Let’s get into building the stateful backend deployment.

  • Create a file mysql.yaml for the deployment and copy/paste the below code. apiVersion is the kubernetes API version to manage the object. For Deployment/Replicasets its apps/v1 and for Pod and service it is v1.
apiVersion: v1
# Kind denotes what kind of resource/object will kubernetes will create
kind: Service
# metadata helps uniquely identify the object, including a name string, UID, and optional namespace.
metadata:
  name: wordpress-mysql
# Labels are key/value pairs to specify attributes of objects that are meaningful and relevant to users.
  labels:
    app: wordpress
# spec define what state you desire for the object
spec:
  ports:
    - port: 3306
# The selector field allows deployment to identify which Pods to manage.
  selector:
    app: wordpress
    tier: mysql
  clusterIP: None
---
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: wordpress-mysql
  labels:
    app: wordpress
spec:
  selector:
    matchLabels:
      app: wordpress
      tier: mysql
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: wordpress
        tier: mysql
    spec:
      containers:
      - image: mysql:5.6
        name: mysql
        env:
# Creating the enviornment variable MYSQL_ROOT_PASSWORD whose value will be taken from secrets 
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-pass
              key: password
        ports:
        - containerPort: 3306
          name: mysql
# Volumes that we created PVC will be mounted here.
        volumeMounts:
        - name: mysql-persistent-storage
          mountPath: /var/lib/mysql
# Defining the volumes ( PVC ).
      volumes:
      - name: mysql-persistent-storage
        persistentVolumeClaim:
          claimName: mysql-pv-claim
  • Now create mysql deployment and service by running the below command.
kubectl apply -f mysql.yaml --namespace=stateful-deployment
Creating the Stateful backend deployment in the cluster
Creating the Stateful backend deployment in the cluster
  • Further check the Pods of MySQL backend deployment by running below command.
kubectl get pods -o wide --namespace=stateful-deployment
Verifying the Stateful backend deployment in the cluster
Verifying the Stateful backend deployment in the cluster

In case of deployment with AWS EBS, all the Kubernetes Pods are created on the same AWS EC2 node and Persistent Volume is attached (EBS). However in case of StatefulSet with EBS Kubernetes Pods can be created on various nodes with different EBS attached.

Creating the Stateful Frontend WordPress deployment

Previously, you created a Stateful backend MySQL application deployment, which is great, but you will need to create a WordPress Front application deployment for a complete setup. Let’s get into it now.

  • Create a file wordpress.yaml for the deployment and copy/paste the below code. apiVersion is the kubernetes API version to manage the object. For Deployment/Replicasets its apps/v1 and for Pod and service it is v1.
apiVersion: v1
kind: Service
metadata:
  name: wordpress
  labels:
    app: wordpress
spec:
  ports:
    - port: 80
  selector:
    app: wordpress
    tier: frontend
  type: LoadBalancer
---
apiVersion: apps/v1
# Creating the WordPress deployment as stateful where multiple EC2 will have multiple pods with diff EBS
kind: StatefulSet
metadata:
  name: wordpress
  labels:
    app: wordpress
spec:
  selector:
    matchLabels:
      app: wordpress
      tier: frontend
  replicas: 1
  serviceName: wordpress-stateful
  template:
    metadata:
      labels:
        app: wordpress
        tier: frontend
    spec:
      containers:
      - image: wordpress:4.8-apache
        name: wordpress
        env:
        - name: WORDPRESS_DB_HOST
          value: wordpress-mysql
        - name: WORDPRESS_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-pass
              key: password
        ports:
        - containerPort: 80
          name: wordpress
        volumeMounts:
        - name: wordpress-persistent-storage
          mountPath: /var/www/html
# Below section of volume is valid only for deployments not for statefulset 
      volumes:
      - name: wordpress-persistent-storage
        persistentVolumeClaim:
          claimName: wp-pv-claim
# Below section is valid only for statefulset not for deployments as volumes will be created dynamically

 volumeClaimTemplates: 
 - metadata:
         name: wordpress-persistant-storage
    spec: 
        accessModes:
            - ReadWriteOnce
        resources:
            requests: 
                storage: 10Gi
        storageClassName: gp2  
  • Now create wordpress deployment and service by running the below command.
kubectl apply -f wordpress.yaml --namespace=stateful-deployment
  • Further check the Pods of WordPress deployment by running below command.
kubectl get pods -o wide --namespace=stateful-deployment

Kubernetes Stateful application using AWS EBS vs Kubernetes Stateful application using AWS EFS

As discussed earlier, AWS EBS volumes are tied to only one Availability Zone, so recreated pods can be only started in the same Availability Zone of the previous AWS EBS volume.

For example, if you have a Pod running on AWS EC2 instance in the Availability zone (a) with AWS EBS attached in the same zone, then if in case your pods get restarted in another AWS EC2 instance, Pod will be able to attach the same AWS EBS however if in case pod gets restarted in another instance in different Availability zone (b) then it won’t be able to attach to the same previous AWS EBS rather it will require a new AWS EBS in Availability zone (b).

Kubernetes Stateful application using AWS EBS
Kubernetes Stateful application using AWS EBS

As discussed with AWS EBS, things are a little complicated as AWS EBS are not shared volumes as they belong to a particular AZ rather than multi-AZ; however, by using shared volumes AWS EFS ( Elastic file system) across Multi-AZ and Pods, it is possible.

AWS EFS volumes are mounted as network file systems on multiple AWS EC2 instances regardless of AZ. and work efficiently in multi-AZ and are highly available.

Kubernetes Stateful application using AWS EFS
Kubernetes Stateful application using AWS EFS

Conclusion

In this article, you learned how to create permanent storage for your Kubernetes applications and mount it. Also, you learned that there are two ways to mount permanent storage to Kubernetes applications by using AWS EBS and AWS EFS.

Now, which applications you do plan to deploy in the AWS EKS cluster with permanent storage?

Windows Boot Process Step by Step

Are you wondering how exactly the windows booting process occurs and all that goes behind in the background? If yes, then you are at the right place. In this tutorial, you will learn how the windows boot process works step by step.

Let’s dive in.

Join 46 other followers

Table of Content

  1. What is firmware ?
  2. What is CMOS ?
  3. What is Flash Memory ?
  4. Step by Step Windows boot Processing
  5. What bios stands for and what is Bios ?
  6. What is Power On Self Test (POST)
  7. Master Boot Record (MBR)
  8. Windows Boot Manager
  9. Windows Boot Loader
  10. Loading the Windows kernel
  11. High Level Summary of Windows Boot Process
  12. High Level Summary of Windows Boot Process(Other way)
  13. Conclusion

What is firmware ?

Firmware is a software program stored on a hardware device to control, operate, or maintain the hardware in the background. Firmware is found on computer motherboards to hold hardware settings and settings related to BIOS and is stored in non-volatile memory devices such as ROM, EPROM, or flash memory.

Firmware
Firmware

What is CMOS ?

A complementary metal-oxide-semiconductor (CMOS) is a type of integrated circuit technology that
holds basic information, including the date and time and system configuration settings,
needed the basic input/output system (BIOS) to start the computer.

The CMOS (Complementary Metal-Oxide Semiconductor) chip stores the settings that you make
with the BIOS configuration program.

What is Flash Memory ?

Flash Memory is lifelong and unchanged storage used to store information even when the system is powered off. Flash memory is widely used with car radios, cell phones, digital cameras, PDAs, solid-state drives, tablets, and printers.

Flash memory
Flash memory

Step by Step Windows boot Processing

Now that you have a basic idea about a few components used in booting the windows machine. Let’s discuss in detail each step of how to perform window booting.

Step by Step Windows boot Processing
Step by Step Windows boot Processing

What bios stands for and what is Bios ?

Bios stands for Basic Input Output System and is the first software to run when a computer is started and is stored on a small memory chip on the motherboard. BIOS provides steps to the computer to perform basic functions such as booting.

(BIOS) is a program that’s stored in nonvolatile memory such as read-only memory (ROM) or flash memory, making it firmware

  • BIOS is also used to identify and configure the hardware in a computer such as the hard drive, floppy drive, optical drive, CPU, memory, and related equipment.
  • BIOS performs a POST (Power On Self Test) that checks all the hardware devices connected to a computer like RAM, hard disk, etc, and makes sure that the system can run smoothly with those hardware devices. If the POST is a failure the system halts with a beep sound.
  • The other task of the BIOS is to read the MBR. MBR stands for Master Boot Record and it’s the first sector on a hard disk. MBR contains the partition table and boot loader.
BIOS
BIOS
BIOS Configuration
BIOS Configuration

What is Power On Self Test (POST)

Power On Self Test (POST) checks all the hardware devices connected to a computer like RAM, hard disk, etc., and makes sure that the system can run smoothly with those hardware devices. If the POST fails, the system halts with a beep sound.

The first set of startup instructions in BIOS is the POST, which is responsible for the following system and diagnostic functions:

  • Performs initial hardware checks, such as determining the amount of memory present
  • Verifies that the devices needed to start an operating system, such as a hard disk, are present
  • Retrieves system configuration settings from nonvolatile memory, which is located on the motherboard
  • If a single beep is sounded from the PC, then there are no hardware issues present in the system. However, an alternative beep sequence indicates that the PC has detected a hardware issue that needs to be resolved before moving on to the next stages of the process

Master Boot Record (MBR)

After POST performs the testing, the BIOS reads the Master Boot Record (MBR). MBR is stored on the hard disk’s first sector and contains the boot loader.

Windows Boot Manager

Windows Boot Manager enables you to choose from multiple operating systems or select the kernels or helps to start Windows Memory Diagnostics. Windows Boot Manager starts the Windows Boot Loader. Located at %SystemDrive%\bootmgr.

Windows Boot Loader

The boot loader is a small program that loads the kernel to the computer’s memory that is in the RAM. There are three boot files in a Windows operating system: NTLDR, NTDETECT.COM, and Boot.ini.

  • The path of NTLDR (NT Loader) is C:\Windows\i386\NTLDR.
  • C:\boot.ini contains the configuration files of NTLDR
  • This file detect hardware’s and passes information to NTLDR

Loading the Windows kernel

The Windows Boot Loader is responsible for loading the Windows kernel (Ntoskrnl.exe), Hardware Abstraction Layer (HAL), Hal.dll file that helps the kernel to interact with hardware. Next, Windows executes the configuration information stored in the registry in HKLM\SYSTEM\CurrentControlSet and starts services and drivers. Winlogon.exe starts the login procedures of the windows machine.

High Level Summary of Windows Boot Process

  1. The computer loads the basic input/output system (BIOS) from ROM. The BIOS provides the most basic information about storage devices, boot sequence, security, Plug and Play (auto device recognition) capability and a few other items.
  2. The BIOS triggers a test called a power-on self-test (POST) to make sure all the major components are functioning properly. You may hear your drives spin and see some LEDs flash, but the screen, at first, remains black.
  3. The BIOS has the CPU send signals over the system bus to be sure all of the basic components are functioning. The bus includes the electrical circuits printed on and into the motherboard, connecting all the components with each other.
  4. The POST tests the memory contained on the display adapter and the video signals that control the display. This is the first point you’ll see something appear on your PC’s monitor.
  5. During a cold boot the memory controller checks all of the memory addresses with a quick read/write operation to ensure that there are no errors in the memory chips. Read/write means that data is written to a bit and then read back from that bit. You should see some output to your screen – on some PCs you may see a running account of the amount of memory being checked.
  6. The computer loads the operating system (OS) from the hard drive into the system’s RAM. That ends the POST and the BIOS transfers control to the operating system. Generally, the critical parts of the operating system – the kernel – are maintained in RAM as long as the computer is on. This allows the CPU to have immediate access to the operating system, which enhances the performance and functionality of the overall system

High Level Summary of Windows Boot Process(Other way)

  1. BIOS is the first software to run when a computer is started and stored on a small memory chip on the motherboard. BIOS is also used to identify hardware issues using POST and configure the hardware in a computer such as the hard drive, floppy drive, optical drive, CPU, memory, and related equipment.
  2. The other task of the BIOS is to read the MBR using windows boot manager.
  3. Further, Windows Boot Manager enables you to choose from multiple operating systems or select the kernels or helps to start Windows Memory Diagnostics. Windows Boot Manager starts the Windows Boot Loader (GRUB or LILO) located at %SystemDrive%\bootmgr.
  4. The boot loader ( GRUB or LILO) is a small program that loads the kernel to the memory of the computer that is RAM. There are three boot files in a Windows operating system, and they are NTLDR, NTDETECT.COM, and Boot.ini.
    • The path of NTLDR (NT Loader) is C:\Windows\i386\NTLDR.
    • C:\boot.ini contains the configuration files of NTLDR
    • This file detect hardware’s and passes information to NTLDR
  5. Next, The Windows Boot Loader is responsible for loading the Windows kernel (Ntoskrnl.exe) and the Hardware Abstraction Layer (HAL), Hal.dll( Hal.dll file) that helps the kernel to interact with hardware.
  6. Now, the Windows executive processes the configuration information stored in the registry in HKLM\SYSTEM\CurrentControlSet and starts services and drivers.
  7. Finally, winlogon.exe starts the login procedures of the windows machine

Conclusion

In this tutorial, you learned various needed components, or you should know how to understand how booting works in a windows machine.

Finally, you learned step by step boot process in windows Machine. So, with this knowledge, you should have a strong understanding of the windows reboot issues?

The Ultimate Docker tutorial for Beginners [Easiest Way]

Are you new to Docker? If yes, then you are here for the treat. Docker allows you to deploy, run and test your applications easily in any operating system in no time.

In this Ultimate Docker tutorial for Beginners, learn Docker, docker container, and everything about Docker? Still interested?

Let’s get started.

Join 46 other followers

Table of Content

  1. Prerequisites
  2. What is docker?
  3. Why Docker (docker vs vm or docker containers vs virtual machines)?
  4. What is a docker images?
  5. What is a Docker container?
  6. Docker vs Hypervisor
  7. Docker Architecture
  8. Docker commands for devops engineer
  9. Conclusion

Prerequisites

If you’d like to follow along step-by-step, you will need the following installed:

  • Ubuntu machine with Docker installed. This tutorial uses Ubuntu 21.10 machine.
  •  Docker v19.03.8 installed.

What is docker?

Docker is an open-source platform that allows you to deploy, run and ship applications. With Docker, it takes no time to deploy, run and test your applications anywhere in different operating systems. It is a lightweight, loosely isolated environment. It has a better cost-effective solution than a hypervisor virtual machine as you can use more compute resources.

Docker is written in the Go programming language and takes advantage of several features of the Linux kernel to deliver its functionality.

Docker provides the ability to package and run an application in a loosely isolated environment called a container. Containers are lightweight and contain everything needed to run the application, so you do not need to rely on the host.

Why Docker (docker vs vm or docker containers vs virtual machines)?

In this section, you will learn why you need docker and the difference between docker vs. VM by understanding docker vs. VM performance.

Virtual machine without Docker: The Operating system is dependent on hardware and is installed on it. But when you are hosting your applications directly on the operating system, applications depend on different libraries and other compatible issues. So, when you have two or more applications, it becomes difficult to manage so many microservices and takes a long time to step up.

Applications running without Docker
Applications running without Docker

Virtual machine with Docker engine: Now, this time, you are hosting your applications on Docker rather than directly on the operating system, so applications have their own libraries and dependencies. So, when you have two or more applications, it’s easier to manage as it has its own isolated environment and doesn’t break anything due to compatibility issues.

Containers have extra benefits such as:

  • Easy to create container image rather than VM image.
  • Container images are portable and can run on Ubuntu, RHEL, on-premises, public clouds, etc.
  • predictable application performance.